ZKsync: After investigation, it was found that the accounts of three airdrop contract administrators were stolen, and 111 million ZKs were minted, accounting for 0.45% of the total supply

According to Foresight News, ZKsync announced an update stating that after investigation, the administrator accounts of three airdrop distribution contracts were compromised. The attacker called the sweepUnclaimed() function, minting approximately 111 million unclaimed ZK tokens from the airdrop contract. This transaction caused the circulating token supply to inflate by about 0.45%, representing approximately 0.45% of the total token supply. The incident only involved the airdrop distribution contracts, and all mintable funds have been minted. No further exploitation is possible through this method. The ZKsync protocol, ZK token contract, all three governance contracts, and all active token program cap minters were not and will not be affected by this incident. The attacker still holds most of the funds in this account, and ZKsync calls on the attacker to contact security@zksync.io to negotiate the return of funds and avoid legal liability.