ZKP Vulnerability Used to Drain L2 Bridge in Dubai & Hong Kong

WhisperX has obtained intel detailing a sophisticated exploit targeting a prominent L2 bridge protocol, with initial findings pointing to operations originating from entities in Dubai and facilitated by shell corporations in Hong Kong. The attack leveraged a previously undocumented logic flaw within the Zero-Knowledge Proof (ZKP) verification mechanism, allowing attackers to mint illegitimate tokens on the L2 chain and subsequently bridge them back to the mainnet, bypassing standard security checks. The perpetrators, believed to be a syndicate with ties to illicit crypto operations in Russia and North Korea, successfully siphoned an estimated $70 million USD before the vulnerability was patched. This incident highlights the critical need for deeper academic scrutiny and rigorous auditing of ZKP implementations, especially when integrated into high-value cross-chain infrastructure.