Hacker Mints $5M in ZK Tokens After Compromising ZKsync Admin Account
A shocking incident has unfolded in the cryptocurrency world, as a hacker successfully compromised an admin account on the ZKsync platform, resulting in the minting of $5 million worth of unclaimed airdrop tokens.
The attack occurred on April 15, when the attacker exploited an administrative control over three airdrop distribution contracts. The compromised account, which held significant authority over the distribution of tokens, was used to call the "sweepUnclaimed()" function. This allowed the hacker to mint a staggering 111 million unclaimed ZK tokens, thereby increasing the total token supply by approximately 0.45%.
The security breach has left the ZKsync community reeling, as it is unclear when or if the stolen funds will be recovered. According to the official statement from the ZKsync X account, no user funds were affected, and the company is working closely with the Security Alliance (SEAL) to rectify the situation.
ZKsync is a highly specialized Ethereum layer-2 protocol that processes main-layer transactions in batches using a technology called zero-knowledge rollups. The platform's total value locked stands at $57.3 million, as of April 15, according to DefiLlama. Despite this significant investment, the project has been vulnerable to security breaches, highlighting the need for increased vigilance and robust cybersecurity measures.
It is worth noting that ZKsync had been in the process of airdropping 17.5% of its token supply to ecosystem participants prior to the hack. However, this incident serves as a stark reminder of the importance of security protocols and the potential consequences of neglecting them.
The Aftermath: Token Price Volatility
Following the public disclosure of the hack, the value of ZKsync's token, ZK (ZK), has experienced significant price fluctuations. The token initially dropped by 16% to $0.040 before rebounding to $0.047 at the time of writing. Despite this bounce, ZK remains down 7% over the past 24 hours.
The incident has also highlighted the ongoing issue of cryptocurrency hacks and security breaches. With $2 billion lost in crypto hacks so far in 2025, just $300 million less than the total lost in 2024, it is clear that this is an issue that requires urgent attention from the industry.
Coordinated Recovery Efforts Underway
ZKsync is taking proactive steps to recover the stolen funds and mitigate any potential future exploits. The company's coordination with the Security Alliance (SEAL) is a testament to its commitment to addressing this critical issue.
According to ZKsync, no further exploits are possible via the "sweepUnclaimed()" vector, suggesting that measures have been put in place to prevent similar breaches in the future. While the road ahead will be challenging, it remains to be seen how effectively these recovery efforts will succeed in restoring the stolen funds.