On April 15, on-chain data recorded abnormal activity on the ZKsync network when 110 million ZK tokens were suddenly minted, of which about 66 million tokens were continuously sold. Notably, according to the current token lockup schedule, all tokens belonging to the development team and investors are still locked, which further raises suspicions of an unauthorized exploit.
Shortly after, ZKsync's security team confirmed that a management wallet was attacked. The hacker took control of this wallet and withdrew ZK tokens worth approximately 5 million USD. These were tokens that users had not yet claimed from the previous airdrop - tokens that were still "sitting" in the claim contract and did not belong to any individual.
The ZKsync project assured that the incident only affected the ZK token airdrop contract and did not affect user funds at all. However, this did not prevent the negative market reaction: the ZK token immediately plummeted more than 15% within just a few hours after the information leaked. ZK token holders (HODLers) are experiencing significant losses as their asset value quickly evaporated.
This incident reveals a security vulnerability in the management of unclaimed tokens - a point often overlooked but potentially harboring significant risks if not strictly controlled. Investors and the community are now demanding that ZKsync provide more detailed information and take measures to enhance security to prevent similar incidents in the future.
