A recent hack on the ZKsync platform has left the company reeling, as a hacker managed to compromise an admin account and mint $5 million worth of unclaimed airdrop tokens. The incident, which occurred on April 15, was deemed isolated, with no user funds impacted, according to a statement from ZKsync X.
After conducting an investigation, ZKsync revealed that the compromised account had administrative control over three airdrop distribution contracts. The hacker exploited a function called sweepUnclaimed() to mint 111 million unclaimed ZK tokens, resulting in a 0.45% increase in the total token supply. As of the latest update, the attacker still retains control over most of the stolen funds.
The company is now working with the Security Alliance (SEAL) to coordinate recovery efforts. Fortunately, ZKsync stated that its governance and token contracts remain unaffected, and no further exploits are possible using the “sweepUnclaimed()” vector.
ZKsync is known for being an Ethereum layer-2 protocol that processes main-layer transactions in batches through zero-knowledge rollups technology. As of April 15, the ZKsync Era platform has $57.3 million in total value locked, as reported by DefiLlama. The platform had been in the midst of airdropping 17.5% of its token supply to various ecosystem participants prior to the hack.
Following the security breach, ZKsync’s native token, ZK (ZK), experienced significant price fluctuations. The token dropped by 16% to $0.040 at around 1:00 pm UTC, before rebounding to $0.047 at the time of writing. Despite the recovery, ZK remains down 7% in the past 24 hours, showcasing the impact of the hack on investor sentiment.
This incident adds to the growing trend of crypto-related hacks in recent years. In the first quarter of 2025 alone, $2 billion has been lost to such malicious activities, almost reaching the total amount lost in 2024. These incidents highlight the ongoing challenges faced by the crypto industry in terms of security and the protection of user funds.
In conclusion, the ZKsync hack serves as a stark reminder of the vulnerabilities present in the crypto space and the importance of robust security measures to safeguard users’ assets. As the industry continues to evolve and expand, addressing these security concerns will be crucial to building trust and ensuring long-term sustainability.