ZKsync's X Accounts Hacked, False SEC Claims Spread

On May 13, the X accounts of ZKsync, an Ethereum layer 2 network, and its developer Matter Labs were compromised. Hackers posted false claims that the network was under investigation by US authorities, aiming to crash the ZK token. The compromised accounts shared links to a fake airdrop, attempting to phish users. Other X users had previously warned that the ZKsync X account was compromised. The hacked accounts posted a fake statement claiming that ZKsync was under investigation by the US Securities and Exchange Commission and that the Treasury Department could impose sanctions on the platform.

Matter Labs communications head Lynnette Nolan confirmed that the now-deleted X post was not legitimate and that both accounts were back under the team's control. The fake statement appeared to be an effort to crash the price of the platform’s self-titled token, ZK. The SEC has investigated crypto companies in the past, and many of these firms have chosen to publicly disclose when they’ve been investigated by the regulator.

Nolan said the firm was looking into how the X accounts were breached, and believed it was via “compromised delegated accounts,” which allow users limited access to an X account, allowing them to post on its behalf. This is the second compromise of ZKsync-controlled platforms since April. On April 15, an attacker breached the admin account of ZKsync’s airdrop distribution contract and used a function to mintMIMI-- 111 million unclaimed ZK tokens, worth approximately $5 million at the time. The hack happened amid the platform handing out 17.5% of ZK’s supply to ecosystem participants. The attacker later returned 90% of the stolen tokens, agreeing to keep 10% as a bounty.

This incident highlights the vulnerability of social media accounts to hacking attempts, particularly those with significant influence in the cryptocurrency community. The false claims of an SEC investigation and potential sanctions from the Treasury Department were likely intended to create panic and drive down the value of the ZK token. The swift response from Matter Labs in regaining control of the compromised accounts and confirming the legitimacy of the situation helped mitigate the potential damage.

The incident also underscores the importance of security measures for delegated accounts, which allow users limited access to post on behalf of an organization. The breach via compromised delegated accounts suggests that there may be gaps in the security protocols that need to be addressed to prevent similar incidents in the future.

This is not the first time ZKsync has faced security challenges. In April, an attacker breached the admin account of ZKsync’s airdrop distribution contract, minting 111 million unclaimed ZK tokens worth approximately $5 million. The attacker later returned 90% of the stolen tokens, keeping 10% as a bounty. This previous incident serves as a reminder of the ongoing security risks in the cryptocurrency space and the need for robust security measures to protect against such threats.