
In a recent cyber attack on ZKsync, a popular Ethereum layer-2 protocol, a hacker compromised an admin account and minted $5 million worth of unclaimed airdrop tokens. The incident, which took place on April 15, was disclosed by the official ZKsync X account, which stated that the attack was isolated and did not affect any user funds.
Further investigation revealed that the compromised account had control over three airdrop distribution contracts within ZKsync. The hacker exploited a function known as sweepUnclaimed() to mint 111 million unclaimed ZK tokens, increasing the total token supply by 0.45%. As of the latest update, the attacker still maintained control over the majority of the stolen funds.
In response to the breach, ZKsync is collaborating with the Security Alliance (SEAL) to coordinate recovery efforts. The company assured its community that the governance and token contracts of the protocol remain unaffected, and no further exploits are possible through the sweepUnclaimed() vector.
ZKsync is known for its zero-knowledge rollup technology, which processes main-layer transactions in batches on the Ethereum network. As of April 15, the ZKsync Era platform had a total value locked of $57.3 million, according to DefiLlama. The protocol had been in the process of distributing 17.5% of its token supply to ecosystem participants through an airdrop program.
Following the hack, the ZK token (ZK) experienced significant price fluctuations in the market. The token initially dropped 16% to $0.040 but had rebounded to $0.047 at the time of reporting, marking a 7% decrease over the past 24 hours.
The incident at ZKsync adds to the growing trend of cyber attacks targeting the crypto industry. According to reports, over $2 billion has been lost to crypto hacks in the first quarter of 2025 alone, which is only $300 million less than the total amount lost in the entire year of 2024.
As the crypto space continues to evolve, security measures and protocols are crucial to safeguarding digital assets and maintaining trust within the community. The ZKsync incident serves as a reminder of the importance of robust cybersecurity practices in the fast-paced world of decentralized finance.