ZKsync Hit by $5M Hack After Compromised Account Exploited

By Sophie Dubois

Just last week, hackers stole around $5 million worth of ZKsync’s native ZK crypto, raising alarm bells among crypto insiders. In this case, a compromised administrative account was the key that opened the door. This provided the attackers the opportunity to take control of unregistered tokens from a recent airdrop. ZkSync, a popular layer-2 blockchain created to help increase transaction speeds on Ethereum’s network, has promised users that their money is entirely secure. Specifically, they stated that user funds were never endangered. The project’s native ZK token plummeted in response to the news, dropping to nearly $0.04. It subsequently pulled off a mild upsurge, hovering at around $0.05.

Details of the Attack

The hack, which occurred in February, involved hackers minting new ZK tokens by exploiting the technology behind the project's airdrop. ZKsync acknowledged the breach in a post on X. In their update, they confirmed that the breach did not impact users’ funds – rather, it went for unclaimed tokens from the airdrop. That compromised administrative account provided the attackers access, giving them the ability to mint new tokens and make off with the theft.

All user funds are safe and have never been at risk. - ZKsync

Token Performance and Market Reaction

Immediately after the news of the exploit, ZK token saw a massive price fluctuations. According to crypto data provider CoinGecko, the token’s value fell by 8% in a 24-hour period. That price drop is an indication of how sensitive the market is to security breaches and the halo effect these breaches will have on investor confidence. Unexpectedly, the token has performed well under the circumstances, bouncing back from its all-time low.

This event serves as a wake-up call to the dangers always associated with digital assets. It brings to the fore the alarmingly weak state of security efforts. Additionally, ZKsync reassured users that its protocol and ZK token contract are safe. This breach is a reminder of the vulnerability of administrative accounts and potential for exploitation.

ZKsync's Response and Security Measures

In the wake of the breach, ZKsync has announced a plan of action to help mitigate the breach and reassure its users.

This is an isolated incident caused by a compromised key and confined to the ZK Token airdrop contract. - ZKsync

The company reiterated that the case was isolated and contained to the ZK Token airdrop contract itself. ZKsync could not be reached for comment by Decrypt at press time.

Sophie Dubois

Ethereum Features Editor

Sophie Dubois, based in Paris, brings a pragmatic and emotionally intelligent approach to Ethereum reporting. Her technical knowledge, direct style, and engaging perspective bridge tradition and disruption, making complex blockchain topics relatable to diverse audiences.