A recent hacking incident saw a ZKsync admin account compromised on April 15, resulting in the minting of $5 million worth of unclaimed airdrop tokens, as reported by the official ZKsync X account. The attack, described as isolated, did not impact user funds, providing a sense of relief to users of the platform.
After conducting an investigation, ZKsync revealed details of the breach on April 15, explaining that the compromised account had control over three airdrop distribution contracts. The hacker took advantage of a function known as sweepUnclaimed() to create 111 million unclaimed ZK tokens, increasing the total token supply by 0.45%. Despite ongoing efforts, the hacker still retained control over the majority of the stolen funds.
ZKsync has since been working closely with the Security Alliance (SEAL) to coordinate recovery efforts. Fortunately, the governance and token contracts of the protocol were left unaffected by the breach, with ZKsync ensuring that no further exploits can occur through the “sweepUnclaimed()” vector.
As an Ethereum layer-2 protocol utilizing zero-knowledge rollups to process main-layer transactions in batches, ZKsync plays a crucial role in the DeFi ecosystem. The ZKsync Era platform has a total value locked of $57.3 million as of April 15, according to DefiLlama. Notably, ZKsync was in the midst of distributing 17.5% of its token supply to ecosystem participants before the hack occurred.
Following the breach, the price of ZKsync’s token, ZK (ZK), experienced significant volatility in trading. Initially dropping 16% to $0.040, the token managed to rebound to $0.047 at the time of writing. Despite this recovery, ZK remains down 7% over the past 24 hours, reflecting the impact of the hack on investor sentiment.
In the broader context of the crypto ecosystem, the first quarter of 2025 has seen a total of $2 billion lost to various hacking incidents, signaling an ongoing challenge for the industry. This figure is slightly lower than the total amount lost in 2024, highlighting the persistent threat posed by malicious actors in the digital asset space.
The aftermath of the ZKsync hack serves as a reminder of the importance of robust security measures in safeguarding user funds and maintaining trust within the DeFi community. As the industry continues to evolve and attract more capital, addressing vulnerabilities and enhancing security protocols will be crucial in mitigating the risks associated with cyber attacks.