EddieJayonCrypto

 15 Apr 25

tl;dr

A compromised admin account linked to ZKsync's airdrop contracts allowed an attacker to mint about $5 million worth of ZK tokens, stealing unclaimed tokens from the initial distribution. The exploit involved minting around 111 million ZK tokens, about 0.45% of the total supply, on April 15. ZKsync c...

ZKsync suffered a significant security breach when its admin wallet was compromised, resulting in the unauthorized minting of approximately $5 million worth of ZK tokens. This exploit allowed the attacker to steal unclaimed tokens from the initial distribution by minting about 111 million ZK tokens, which represents roughly 0.45% of the total supply. The incident occurred on April 15 and was traced to the airdrop contracts, with no impact on the main protocol, governance, token contract, or user funds.

Following the breach, the attacker exchanged $3.5 million of the stolen tokens into Ethereum. ZKsync’s team has initiated recovery efforts in collaboration with exchanges and the blockchain security firm SEAL 911, and they publicly urged the attacker to return the funds to avoid legal repercussions. The vulnerability exploited has since been closed, ensuring the minting method can no longer be used.

The market reacted swiftly, with the ZK token price plummeting 8.6% within 24 hours and an overall loss of nearly 90% of its value since launch. Despite these setbacks, Matter Labs CEO Alex Gluchowski reassured the community, emphasizing the team’s continued commitment to ZKsync and drawing parallels between ZK token’s downturn and broader declines across Ethereum and other layer-2 networks. A detailed post-mortem report and technical update are expected after ongoing security reviews are completed.

This breach has highlighted the critical importance of robust key management practices in smart contract deployments and raised awareness of the risks associated with admin account controls in decentralized platforms. ZKsync remains focused on strengthening its security and navigating the challenges posed by this incident and current market conditions.

Disclaimer

The opinions expressed by the writers at Grow My Bag are their own and do not reflect the official stance of Grow My Bag. The content provided on our site is not intended as investment advice, and Grow My Bag is not an investment advisor. We do not endorse buying or selling any cryptocurrencies or digital assets mentioned in our articles. High-risk investments in Bitcoin, cryptocurrencies, and digital assets require thorough due diligence, and all transfers and trades made are at your own risk. Grow My Bag is not responsible for any potential losses and participates in affiliate marketing.
 16 Jun 25
 16 Jun 25
 16 Jun 25