A hacker stole about $5 million worth of ZK tokens from ZKsync, a layer-2 scaling solution for Ethereum.
The theft happened because an admin account linked to the airdrop contract was compromised.
ZKsync said user funds are safe and the main protocol wasn’t affected.
The Attack and Its Impact
The attacker took control of unclaimed tokens from ZKsync’s airdrop.
This caused the ZK token price to drop by 20% shortly after the incident.
Later, the price stabilized but still ended the day down about 15%.
The ZK token was launched in June 2024 with a total supply of 21 billion units.
ZKsync, developed by Matter Labs, faced criticism for its airdrop distribution,
with some users claiming it unfairly benefited certain groups.
The team acknowledged the issues but defended their approach.
This latest incident adds pressure on ZKsync to strengthen its security measures.
Investigation and Future Measures
The key points about the incident and its aftermath are:
- ZKsync is still investigating the attack and plans to release a detailed report.
- A compromised admin key was used to gain unauthorized access to the airdrop contract.
- The crypto community is calling for greater transparency and better security protocols.
- ZKsync needs to restore market trust and prevent similar incidents.
This security breach highlights the risks of centralized control in managing important contracts.
While only unclaimed tokens were affected, the price drop and security concerns may have lasting effects on ZKsync’s public perception.
Notably, this incident occurred on the same day KiloEx reported $7.5 million in losses due to an oracle manipulation attack.
ZKsync is expected to provide more details on the attack and its mitigation plans.