- Hackers cornered $5 million in ZK tokens from ZKsync through a compromised admin wallet.
- It targeted unclaimed tokens from the June 2024 airdrop.
- ZKsync is investigating and coordinating recovery with security partners.
ZKsync, an Ethereum Layer-2 scaling protocol, confirmed Tuesday that $5 million worth of ZK tokens were stolen due to a compromised administrator wallet. The breach targeted unclaimed tokens from the June 2024 airdrop distribution contracts.
How Did the Attacker Steal $5M in ZK Airdrop Tokens?
An update shared by the ZKsync protocol reveals that the breach originated from a compromised private key controlling the admin account for three airdrop distribution contracts.
The attacker used this key to call a function named sweepUnclaimed() and minted approximately 111 million unclaimed ZK tokens directly to the attacker’s wallet, 0xb102…d6a8, which currently holds most of the stolen tokens.
Are ZKsync User Funds Safe After the Hack?
ZKsync noted that the incident is isolated to the airdrop distribution contracts. The ZKsync protocol, ZK token contract, governance, and capped minting contracts were unaffected and remain secure.
“All user funds are safe and have never been at risk,” the ZKsync team stated in its official update.
What is ZKsync Doing to Recover the Stolen Tokens?
The ZKsync security team is coordinating recovery efforts with Security Alliance and several crypto exchanges to track the attacker’s movements and freeze assets.
In a public message, ZKsync also invited the attacker to contact their security team directly [email protected] to negotiate a return and to avoid legal consequences. The team plans to provide a full post-incident report later in the day.
How Did ZK Token Price React to the Exploit News?
Following the breach, the ZK token’s price dropped by over 20% from $0.047 to $0.039 within hours. The price has since recovered slightly and trades around $0.0475, albeit with a 3% drop in the past day.
Related: MANTRA Fights Back: CEO Outlines Recovery Plan and Community Support After OM Crash
This incident is the latest in a series of recent crypto security lapses. In a separate case, Mantra (OM) experienced a 90% price crash within 90 minutes due to suspected insider sell-offs. Story (IP) also fell 20% over 24 hours due to undisclosed internal issues.
Disclaimer: The information presented in this article is for informational and educational purposes only. The article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the utilization of content, products, or services mentioned. Readers are advised to exercise caution before taking any action related to the company.
