PANews reported on April 15 that according to the official update of ZKsync, the investigation showed that the administrator address of the airdrop contract (0x8428…587D) was compromised, and the attacker called the sweepUnclaimed() function to illegally mint about 111 million ZK tokens from three airdrop contracts, accounting for about 0.45% of the total supply. The incident was limited to the airdrop distribution contract, and the ZKsync protocol and its token contracts, governance contracts, and authorized minters were not affected. At present, most of the funds are still in the attacker's address, and the team is coordinating with the SEAL organization and exchanges to track and encourage the attacker to return the funds.