ZKsync Faces $5M Token Theft, Price Drops 8.6%
ZKsync, a prominent layer-2 scaling solution for Ethereum, recently faced a significant security breach when an admin wallet connected to its airdrop contracts was compromised. The attacker executed a transaction that minted approximately $5 million worth of ZK tokens, effectively stealing the remaining unclaimed allocation from the network’s first token distribution. The incident occurred on April 15, with the attacker issuing around 111 million ZK tokens, which constitutes roughly 0.45% of the protocol’s total token supply.
The exploit was confined to the airdrop distribution contracts and did not affect the ZKsync protocol, the ZK token contract, governance infrastructure, or any capped minters associated with the Token Program. ZKsync emphasized that user funds were never at risk and described the incident as isolated, resulting from a compromised private key controlling the affected admin account. According to on-chain data, the attacker has already swapped $3.5 million of the stolen ZK tokens for Ethereum (ETH).
In response to the breach, ZKsync’s team has initiated recovery efforts in coordination with exchanges and blockchain security firm SEAL 911. The team also issued a public call for the attacker to contact them to negotiate a return of the funds and avoid legal consequences. According to the team’s forensic investigation, the exploiter can no longer mint tokens using the same method. The incident has not impacted protocol-level operations or the security of ongoing governance activities. After internal reviews and recovery actions conclude, the project will release a full post-mortem.
Following the incident, the ZK token experienced a significant drop, falling by 8.6% over the past 24 hours and trading at $0.04513 as of the latest update. Since its launch, the token has lost nearly 90% of its value, a fact that has raised concerns among community members. In response, Matter Labs CEO Alex Gluchowski addressed these concerns on social media, stating that the drawdown is comparable to that of Ethereum and other layer-2 networks amid the broader market correction. Gluchowski emphasized his and Matter Labs' commitment to the mission and success of ZKsync, noting very bullish signs from the new leadership of the Ethereum Foundation. He also pledged to continue answering public inquiries about the incident while the investigation remains active. ZKsync reiterated that it will share a technical update once it finishes an ongoing security analysis.
Despite the limited scope of the unauthorized minting, the incident has temporarily inflated the circulating supply and prompted increased scrutiny of key management practices within ZKsync’s smart contract deployments. The breach highlights the importance of robust security measures and the potential vulnerabilities in admin wallet management within decentralized finance (DeFi) protocols. As ZKsync works to recover from this incident, the community and stakeholders will be closely monitoring the protocol's response and the steps taken to prevent similar breaches in the future.