ChainLight saved zkSync Era from $1.9B exploit

Exploiting the bug would have required the highest levels of security privileges across zkSync Era’s infrastructure

by Bessie Liu /
article-image

Alexander56891/Shutterstock modified by Blockworks

share

Blockchain security audit firm ChainLight identified a vulnerability in the zkSync Era protocol that, if exploited, could have led to a potential loss of $1.9 billion.

The bug was found in zkSync Era’s zk-circuits. These circuits are designed to validate the correctness of transaction data without exposing sensitive details about the counterparties involved.

A blog post from ChainLight detailed that the bug could have allowed a malicious actor to manipulate transactions within a block and still have them verified as accurate. This would have led to layer-1 smart contracts accepting these proofs, unaware of the manipulated transaction values they contained.

Had the attack been successful, the malicious prover could have drained 100,000 ether (ETH), worth an estimated $1.9 billion at the time of disclosure.

Despite this, zkSync Era had many security layers in place. These would have made it difficult for anyone to actually execute the exploit unless they were part of Matter Labs, the infrastructure team behind zkSync Era.

Read more: Security firms track FTX exploiter through Bitcoin mixer

Anton Astafiev, head of security at Matter Labs, told Blockworks that exploiting this bug would have required the highest level of security privilege across its infrastructure.  

An attacker would have needed to either access the protocol’s backend in order to directly inject the malicious code, or gain access to its validator private key used for signing blocks. They would also have had to endure a mandatory 21-hour waiting period before extracting any funds due to an execution delay.

“What’s more, the bug found is related to our old prover and not the current Boojum, meaning the code will soon enough be completely obsolete and retired,” Astafiev said.

After being made aware of the critical bug, ChainLight noted in an X post that the Matter Labs team had quickly reacted to the report, and fixed the issue. 

The ChainLight team was awarded 50,000 in USDC for discovering the bug.

“This bug in particular was not formally part of the existing bug bounty programs or public contest. When we receive out-of-scope findings, we always assess them based on real-world impact to determine their importance and the corresponding reward,” Astafiev said.

Astafiev noted that the Matter Labs team is looking forward to continued collaboration with ChainLight and other security-focused organizations. 

“These types of findings are healthy reminders of why multi-layer defense architectures like the ones Matter Labs implemented for zkSync are so critically important; no single layer of protection is ever perfectly secure, which is why there can be no single point of failure,” he said.

Start your day with top crypto insights from David Canellis and Katherine Ross. Subscribe to the Empire newsletter.

Explore the growing intersection between crypto, macroeconomics, policy and finance with Ben Strack, Casey Wagner and Felix Jauvin. Subscribe to the Forward Guidance newsletter.

Get alpha directly in your inbox with the 0xResearch newsletter — market highlights, charts, degen trade ideas, governance updates, and more.

The Lightspeed newsletter is all things Solana, in your inbox, every day. Subscribe to daily Solana news from Jack Kubinec and Jeff Albus.

Tags

Upcoming Events

Digital Asset Summit 2025

Javits Center North | 445 11th Ave

Tues - Thurs, March 18 - 20, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

buy ticketslearn more

recent research

Unlocked by Template.jpg

Research

Bitcoin Expressivity with BitcoinOS

The BitcoinOS team is the first to have developed and posted a ZK-compressed proof on the Bitcoin network. Other proof verification efforts have been limited to the Signet or testnet deployments. Their work has resulted in the development of BitSNARK, a software library for ZK-compressed fraud proofs on the Bitcoin network. The project aims to provide a horizontal scaling solution, offering a one-stop shop for teams interested in developing a rollup on Bitcoin. This approach shares similarities with the horizontal tech stack scaling in other ecosystems like Cosmos and Optimism, particularly in its focus on simplified verification, bridging standards, and lightweight interoperability.

by 0xMims

/

news

article-image

Analysis

Crypto monthly active addresses are hitting all-time highs: A16z

A16z’s State of Crypto report shows that DeFi has the largest number of daily active addresses, with stablecoins following closely behind

by Katherine Ross /
article-image

DeFi

Conduit sees path to gigagas throughput with new sequencer

G2 is delivering real-world performance breakthroughs at 50-100 Mgas/s, Conduit says

by Macauley Peterson /
article-image

Analysis

Memecoin conceived by AI trumps Trump-linked token sale

World Liberty Financial’s token sale debuted just as an absurd AI-fueled memecoin captured crypto’s attention

by David Canellis /
article-image

Empire Newsletter

World Liberty Financial’s presale overshadowed by memecoin-shilling AI

Plus, would crypto be better out of the limelight?

by Katherine Ross&David Canellis /
article-image

Policy

Coinbase continues with SEC lawsuit over denied FOIA request 

Coinbase hired History Associates in 2023 to assist in retrieving records from the SEC and FDIC

by Casey Wagner /
article-image

Forward Guidance Newsletter

VP Harris’s latest crypto comments fall short on details

Hours after pledging to support Black men’s rights to safely invest in crypto, VP Harris’s Monday night speech mentioned blockchain zero times

by Casey Wagner&Ben Strack /