June 17, 2024

Amidst Ongoing Debates, Can ZKsync Still Become a Dark Horse in the Layer 2 Race?


The highly anticipated ZKsync airdrop allocation plan has been finalized. The ZKsync Association will conduct a one-time airdrop of 3.6 billion ZK tokens to early users and adopters of ZKsync next week, with 695,232 eligible wallets. The snapshot was taken on March 24, and community members can claim the airdrop from next week until January 3, 2025.


ZKsync is an Ethereum Layer 2 chain that uses zero-knowledge rollup (ZK rollup) technology to address Ethereum's current scalability issues. ZKsync aims to provide cheaper and faster transactions on the Ethereum blockchain and become a home for many popular Ethereum applications. If successful, we could see major decentralized exchanges and DeFi protocols expanding to the zkSync layer, allowing cryptocurrency users to access these tools at lower costs.


However, whether it's the earlier trademark dispute over the "zk" trademark by ZKsync's parent company or the current airdrop controversy, ZKsync has once again been thrust into the spotlight.


ZKsync in the Eye of the Storm

ZKsync is an Ethereum L2 solution launched by the Matter Labs team five years ago, using zero-knowledge proof technology to achieve efficient transaction verification. It has raised over $200 million to date. In 2020, ZKsync Lite 1.0 was officially launched. Subsequently, the Matter Labs team improved and optimized it, launching the ZKsync Era mainnet in 2022. This mainnet supports EVM, introduces account abstraction functionality, and is equipped with a complete set of development tools, attracting over 200 projects including Uniswap and 1inch to deploy on the ZKsync Era mainnet.


Previously, rumors circulated that Matter Labs, the development company behind ZKsync, had gone a step further in choosing ZK as the token name by filing trademark applications in nine countries, attempting to make "ZK" Matter Labs' exclusive intellectual property.


This angered the crypto industry. StarkWare, Algorand, Polygon, Polyhedra Network, Kakarot, and several other ZK projects jointly issued a statement condemning Matter Labs' actions.


On June 3, Matter Labs tweeted that after previous discussions, they decided to abandon all trademark applications for the term "ZK". The CEO of Matter Labs stated: "This wasn't an easy decision. It increases legal risks, but the fundamental purpose of ZK is to help humans change the way we collaborate, from 'don't be evil' to 'can't be evil', and I feel this is the right thing to do."


In recent days, ZKsync's airdrop criteria have also sparked community controversy. ZKsync checked every address that had transacted on ZKsync Era and ZKsync Lite according to eligibility criteria to identify genuine users who spent time seriously exploring ZKsync. However, many people found they came up empty-handed after checking their addresses.


As the airdrop is about to begin, phishing attacks may also increase. Here are some key security tips to help you avoid being phished when claiming the ZKsync airdrop:


Ensure you access ZKsync airdrop-related websites through official channels. Any unfamiliar links sent via email or private messages could be phishing sites, so be vigilant.


Check the authenticity of the URL. Before visiting a website, carefully check the spelling and domain name of the URL. Phishing sites often use URLs very similar to official websites to induce users to enter sensitive information.


Do not provide private keys, mnemonics, or any other personal sensitive information to claim the airdrop. If you receive any requests for this information, stop immediately.


ZKsync Ecosystem Security

On June 1, 2024, according to Beosin Alert monitoring, the Velocore project on both ZKsync and Linea chains was attacked multiple times by hackers, resulting in the theft of over ten types of tokens, with the stolen amount exceeding $6.8 million. Currently, the attacker has transferred the stolen funds to the Ethereum chain through cross-chain bridges and has exchanged all the funds for ETH. As of the time of writing, the attacker has transferred all ETH to Tornado.Cash.


Attacker address (ZKsync, Linea):

0x8CDc37eD79C5EF116b9Dc2A53Cb86ACaca3716bF


As the ZKsync ecosystem continues to develop and expand, ensuring its security becomes particularly important. As one of Ethereum's Layer 2 scaling solutions, ZKsync aims to provide more efficient transaction processing capabilities and lower transaction costs. However, with the increase in users and developers, security risks also arise.


In this context, security audits become crucial. Beosin, as a leading blockchain security company, has played a key role in safeguarding the ZKsync ecosystem, providing strong security assurance for projects on ZKsync.


Currently, Beosin has completed the audit of the SyncSwap project's launch protocol. The audit content includes code quality audit, contract logic and security audit, operational model audit, etc. The final audit found that the contract has an issue of excessive management privileges, where the contract owner can withdraw user-deposited assets from the contract before the project launch. The project team is acknowledged of this issue and has stated that they will use a multi-signature wallet to manage the project in the future.


Audit report link: https://beosin.com/audits/SyncSwap_202304231022.pdf


Supporting ZKsync Ecosystem Security and Compliance, Beosin KYT Now Integrates ZKsync Network

To respond to the growing demand for blockchain security and compliance, Beosin KYT has now integrated the ZKsync network. This upgrade aims to provide comprehensive security and compliance support for projects and related exchanges in the ZKsync ecosystem, further promoting the healthy development of the ZKsync ecosystem.


In this context, preventing malicious addresses, identifying high-risk transactions, and conducting effective fund tracking have become key tasks in ensuring the security and compliance of the ZKsync ecosystem. The integration of Beosin KYT is precisely to address these challenges and provide comprehensive security and compliance services.


Malicious Address Query:


Beosin KYT can identify and query malicious addresses in the ZKsync network in real-time. By analyzing on-chain data and historical behavior, the KYT system can quickly flag suspicious addresses, providing timely warnings and risk alerts for project teams and exchanges.


Address Risk Scoring:


For all participants' transaction behaviors in the ZKsync network, the Beosin KYT system provides detailed risk scores. These scores are based on the address's transaction history, fund flow patterns, and interaction behaviors, helping users assess the security and credibility of each address.


STR Report Output:


The Beosin KYT system can generate detailed Suspicious Transaction Reports (STR), covering the background, behavior, and potential risks of transactions. These reports help project teams and exchanges identify and address potential compliance risks, ensuring adherence to relevant regulatory requirements.


On-chain Fund Tracing:


For complex fund flows, Beosin KYT provides powerful on-chain tracing capabilities. Whether it's the source of funds, flow direction, or intermediate transfer paths, the KYT system can provide comprehensive analysis and visual representation, helping users quickly identify abnormal fund flows and take corresponding measures.


Beosin's Research on ZK Technology

Previously, Beosin conducted many in-depth, hardcore studies on ZK technology, such as "ERC-7520 Proposal: zk-SNARK Public Inputs Overflow Protection" and "An In-depth Analysis of zk-SNARK Input Aliasing Vulnerability".


As well as sharing security research analyses of some ZK cases, such as "The analysis of Beosin KYT on the ZKasino Rug for $33 million". Beosin is not only committed to revealing and preventing potential risks in ZK technology but also actively promotes its application and development in actual projects. Through a deep understanding of technologies such as zk-SNARK and zk-Rollups, it provides comprehensive support for developers from theoretical research to practical application.


In the future, as ZK technology continues to evolve and be widely applied, security protection will become increasingly important. Beosin will continue to lead blockchain security research and technological development, helping every blockchain ZK project pursuing excellence to achieve success in the future. Whether it's helping project teams audit smart contracts or providing security and compliance solutions for platforms like ZKsync, Beosin has become a backbone in the field of blockchain security with its deep technical accumulation and innovative capabilities.


As one of the earliest global Web3 security companies engaged in formal verification, Beosin focuses on "security + compliance" full ecosystem business. It has established branches in more than 10 countries and regions worldwide. Its business covers "one-stop" blockchain compliance products + security services, including code security audits before project launch, security risk monitoring and blocking during project operation, stolen fund recovery, virtual asset anti-money laundering (AML), and compliance assessments that meet regulatory requirements in various regions.

Related Project

Related Project Secure Score

Guess you like
Learn More
  • Over $100M Involved and 127 Suspects Detained: Analysis of Turkey's Crypto Ponzi Scheme

    June 17, 2024

  • Crypto regulations in Malaysia - Guidance for 2024

    June 18, 2024

  • Beosin presents its KYT solution for Solana ecosystem at Solana Summit APAC

    July 01, 2024

  • 2024 H1 Global Web3 Security Report, AML Analysis & Crypto Regulatory Landscape

    July 01, 2024

Join the community to discuss.