Hacker Mints $5M in ZKsync Tokens, Increasing Supply by 0.45%

On April 15, a hacker successfully compromised an admin account on the ZKsync platform, resulting in the minting of $5 million worth of unclaimed airdrop tokens. The incident was reported by the official ZKsync X account, which emphasized that the attack was isolated and did not affect any user funds.

Following the breach, ZKsync conducted an investigation and disclosed that the compromised account had administrative control over three airdrop distribution contracts. The attacker exploited a function called sweepUnclaimed() to mint 111 million unclaimed ZK tokens, thereby increasing the total token supply by 0.45%. As of the latest update, the attacker still held control of most of the stolen funds.

ZKsync is actively coordinating recovery efforts with the Security Alliance (SEAL). The protocol has assured that its governance and token contracts remain unaffected, and that no further exploits are possible via the “sweepUnclaimed()” vector. ZKsync is an Ethereum layer-2 protocol that processes main-layer transactions in batches using zero-knowledge rollups. The ZKsync Era platform had $57.3 million in total value locked as of April 15. At the time of the incident, ZKsync was in the process of airdropping 17.5% of its token supply to ecosystem participants.

This incident highlights the ongoing challenges in the cryptocurrency space, where security breaches can have significant financial implications. The hacker's ability to exploit administrative functions underscores the need for robust security measures and continuous monitoring of critical accounts and contracts. The fact that the attacker still holds most of the stolen funds indicates the complexity of recovering assets in such incidents.

ZKsync's response, including its coordination with the Security Alliance and the assurance that no further exploits are possible, demonstrates the protocol's commitment to addressing the issue promptly and transparently. The incident serves as a reminder of the importance of security in the decentralized finance (DeFi) ecosystem, where vulnerabilities can be exploited to mint tokens and manipulate supply.