Best crypto insights delivered straight to your inbox.
- ZKsync confirms that approximately $5 million in airdrop tokens were stolen due to a compromised admin account.
- However, the company says the exploit has been contained, and no further attacks are possible.
- The incident has triggered a strong backlash from the community, with accusations of mismanagement and frustration over the stolen tokens.
Ethereum layer 2 protocol ZKsync has confirmed that approximately $5 million worth of airdropped tokens were stolen following the compromise of an administrator account, sparking concerns over the security of token distribution processes within the rapidly evolving zk-rollup space.
The stolen funds were the “remaining unclaimed tokens from the ZKsync airdrop,” the project wrote on X before saying that “necessary security measures are being taken.”
The firm said the incident was isolated, initiated using a compromised key, and limited to the ZK Token airdrop contract. While the hack could only reach the airdrop reserve, it resulted in a fast sell-off that led to a dramatic price drop of the token. Since the incident was announced, the ZK token has fallen 15%.
After the attack, ZKsync noted that it was taking safety measures to address the issue. The company said on X that it had begun an internal investigation.
Admin account breach triggers unauthorized minting of 111M ZK tokens
In a recent update, ZKsync disclosed that the admin account overseeing three airdrop distribution contracts had been compromised. The affected wallet address has been identified as 0x842822c797049269A3c29464221995C56da5587D.
According to the X post, the attacker called the sweepUnclaimed() function that minted approximately 111 million unclaimed ZK tokens from the airdrop contracts.
The incident was limited solely to the airdrop distribution contracts, and all tokens that could be minted through the compromised method have already been minted. ZKsync confirmed that no additional exploits of this nature are possible.
The company continued to say that the ZKsync protocol, ZK token contract, all three governance contracts, and all active Token Program capped minters have not been and will not be affected by the incident. ZKsync says the attacker still holds the majority of funds on this account.
The attacker has been urged to contact [email protected] to discuss the potential return of the stolen funds to avoid legal consequences.
Community erupts, accuses ZKsync of mismanagement
The incident has sparked outrage among community members who were expecting to receive a portion of the ZKsync airdrop—a major milestone for the zk-rollup project, which aims to scale Ethereum with low-cost, high-speed transactions.
“The same tokens you all couldn’t give the community…A good way to exit, though.. no need for this English, just sell and move on,” one user replied to the company’s X post.
Another user accused ZKsync of selling and just trying to play it off. One user identified as @TheBrownGentYT asked why this never happens with their salaries but only with funds allocated for users and the community. The user continued to say that everyone knew what had happened.
The ZKsync team has requested patience from the affected parties as they coordinate the recovery efforts with Security Alliance and exchanges.
If you're reading this, you’re already ahead. Stay there with our newsletter.
Disclaimer. The information provided is not trading advice. Cryptopolitan.com holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any investment decisions.
Nellius Irene
Nellius is a Business Management and IT graduate with five years of experience in the cryptocurrency industry. She is also a graduate of Bitcoin Dada. Nellius has contributed to leading media publications, including BanklessTimes, Cryptobasic, and Riseup Media.
CRASH COURSE
- Which cryptocurrencies can make you money
- How to boost your security with a wallet (and which ones are actually worth using)
- Little-known investment strategies that the pros use
- How to get started investing in crypto (which exchanges to use, the best crypto to buy etc)