Hacker Mints $5M in ZKsync Tokens, Increasing Supply by 0.45%

Coin WorldTuesday, Apr 15, 2025 5:50 pm ET

1min read

On April 15, a hacker successfully compromised an admin account on the ZKsync platform, resulting in the minting of $5 million worth of unclaimed airdrop tokens. The incident was reported by the official ZKsync X account, which emphasized that the attack was isolated and did not affect any user funds.

Following the breach, ZKsync conducted an investigation and disclosed that the compromised account had administrative control over three airdrop distribution contracts. The attacker exploited a function called sweepUnclaimed() to mint 111 million unclaimed ZK tokens, thereby increasing the total token supply by 0.45%. As of the latest update, the attacker still held control of most of the stolen funds.

ZKsync is actively coordinating recovery efforts with the Security Alliance (SEAL). The protocol has assured that its governance and token contracts remain unaffected, and that no further exploits are possible via the “sweepUnclaimed()” vector. ZKsync is an Ethereum layer-2 protocol that processes main-layer transactions in batches using zero-knowledge rollups. The ZKsync Era platform had $57.3 million in total value locked as of April 15. At the time of the incident, ZKsync was in the process of airdropping 17.5% of its token supply to ecosystem participants.

This incident highlights the ongoing challenges in the cryptocurrency space, where security breaches can have significant financial implications. The hacker's ability to exploit administrative functions underscores the need for robust security measures and continuous monitoring of critical accounts and contracts. The fact that the attacker still holds most of the stolen funds indicates the complexity of recovering assets in such incidents.

ZKsync's response, including its coordination with the Security Alliance and the assurance that no further exploits are possible, demonstrates the protocol's commitment to addressing the issue promptly and transparently. The incident serves as a reminder of the importance of security in the decentralized finance (DeFi) ecosystem, where vulnerabilities can be exploited to mint tokens and manipulate supply.

Comments

﻿

Add a public comment...

No comments yet

Disclaimer: The news articles available on this platform are generated in whole or in part by artificial intelligence and may not have been reviewed or fact checked by human editors. While we make reasonable efforts to ensure the quality and accuracy of the content, we make no representations or warranties, express or implied, as to the truthfulness, reliability, completeness, or timeliness of any information provided. It is your sole responsibility to independently verify any facts, statements, or claims prior to acting upon them. Ainvest Fintech Inc expressly disclaims all liability for any loss, damage, or harm arising from the use of or reliance on AI-generated content, including but not limited to direct, indirect, incidental, or consequential damages.