ZKsync (∎, ∆)|Apr 21, 2025 15:20
Update on the ongoing investigation, mitigation efforts, and path forward:

Scope Summary

The ongoing investigation has identified that this incident was caused by a compromised airdrop admin key, and is contained to three specific Merkle distribution contracts from the June 2024 ZK token launch. No additional ZK tokens can be minted from any of the distributors, as the total capped supply of each has been fully minted. No further exploits via this method are possible.

The compromised admin key was not in control of any other contracts and could not perform any actions besides minting unclaimed tokens from the airdrop after the claim window expired. The ZKsync protocol, ZK token contract, all three governance contracts and timelocks, and all active Token Program capped minters were not, and cannot be impacted by this incident.

Mitigation Efforts

Approximately 70% of the exploited assets remain on ZKsync Era, composed of ~45M ZK and ~1021 ETH. Matter Labs, which is currently ZKsync Era chain’s sole sequencer, implemented transaction filtering for the compromised accounts.

Matter Labs does not have the capacity to respond to every potential incident involving individual smart contracts; however, this exceptional action was taken after consultations with the ZKsync Association, because unauthorized minting of ZK token related directly to protocol governance. While we are working to upgrade ZKsync to Stage 1 and implement decentralized sequencing, Era is currently operating as a Stage 0 rollup, which made this measure possible.

It is important to emphasize that ZKsync governance and the Security Council have the ability to replace the sequencer at any point and remove all filters. This transaction filtering will remain in place until the incident is resolved.

Next steps

The investigation remains ongoing, and there are active efforts to recover the funds. The ZKsync Association, ZKsync Foundation, and Matter Labs appreciate the patience and support of the community.

We will share a detailed incident report once this is fully resolved.