PANews reports on April 15th that according to an official update from ZKsync, an investigation revealed that the administrator address of the airdrop contract (0x8428…587D) was compromised. The attacker called the sweepUnclaimed() function to illegally mint approximately 111 million ZK tokens from three airdrop contracts, which represents about 0.45% of the total supply. The incident was limited to the airdrop distribution contract, and the ZKsync protocol, token contract, governance contract, and authorized minting parties were not affected. Currently, most of the funds remain in the attacker's address, and the team is coordinating with SEAL organization and exchanges to track and encourage the attacker to return the funds.
