ZKsync: The administrator accounts of three airdrop distribution contracts were hacked, and the attacker minted approximately 111 million ZK tokens

ChainCatcher message, ZKsync posted on platform X stating that, after investigation, the administrator accounts of three airdrop distribution contracts have been compromised. The attacker invoked the sweepUnclaimed() function to mint approximately 111 million unclaimed ZK tokens from the airdrop contract. This incident only involves the airdrop distribution contracts, and all mintable funds have been fully minted, making further exploitation through this method impossible.

The ZKsync protocol, ZK token contract, all three governance contracts, and all active token cap minters have not been affected by this incident and will not be affected. They are currently coordinating with exchanges for recovery efforts and advise the attacker to return the funds to avoid legal liability.