On April 15, a hacker compromised the admin account of ZKsync and minted $5 million worth of unclaimed ZK tokens from the airdrop, according to an announcement from the project's official X account. The attack was described as isolated and did not affect user assets.

After investigating, ZKsync revealed that the compromised account had admin rights over three airdrop distribution contracts. The attacker used the sweepUnclaimed() function to mint 111 million unclaimed ZK tokens, increasing the token supply by 0.45%. As of the latest update, the attacker still controls most of the stolen funds.
The team is collaborating with the Security Alliance (SEAL) to address the situation. According to the project, ZKsync's admin and token contracts were not affected. The company affirmed that no additional vulnerabilities could be exploited through the sweepUnclaimed() method.
ZKsync is a layer-2 protocol on Ethereum, processing main layer transactions using zero-knowledge rollup technology. The ZKsync Era platform has a total value locked (TVL) of $57.3 million as of April 15, according to data from DefiLlama. ZKsync is conducting an airdrop of 17.5% of its total token supply to ecosystem partners.
ZKsync's token, ZK, has experienced significant price volatility following the hack and the project's public announcement on X. Around 8 PM on 04/15/2025, the token dropped 16%, falling to $0.04. Despite some recovery, ZK remains down 7% over the past 24 hours.
The article Hacker mint $5 million $ZK after infiltrating ZKsync admin account first appeared on CoinMoi.




