Quickly understand the history and background of various well-known coins

ZKsync Loses $5M in Hack, Unclaimed Tokens Stolen

Coin WorldWednesday, Apr 16, 2025 3:32 am ET

1min read

ZKsync, an Ethereum Layer-2 scaling protocol, has confirmed that a hacker exploited a compromised administrator wallet to steal approximately $5 million worth of ZK tokens. The breach specifically targeted unclaimed tokens from the June 2024 airdrop distribution contracts.

The attack was executed by an individual who gained control of the private key associated with the admin account for three airdrop distribution contracts. Using this key, the attacker called a function named sweepUnclaimed() to mint around 111 million unclaimed ZK tokens, which were then transferred to the attacker’s wallet, 0xb102…d6a8. This wallet currently holds the majority of the stolen tokens.

ZKsync has assured users that the incident is isolated to the airdrop distribution contracts and that the ZKsync protocol, ZK token contract, governance, and capped minting contracts remain secure. The team emphasized that all user funds are safe and have never been at risk.

In response to the breach, ZKsync is actively coordinating with the Security Alliance and several crypto exchanges to track the attacker’s movements and freeze the stolen assets. The protocol has also extended an invitation to the attacker to contact their security team directly to negotiate a return of the stolen tokens and avoid legal consequences. A full post-incident report is expected to be released later in the day.

This incident highlights the ongoing challenges in the crypto space regarding security and the potential vulnerabilities in smart contract administration. As the investigation continues, ZKsync is taking proactive measures to recover the stolen funds and ensure the safety of its users' assets.

Comments

Add a public comment...

Post

CALAND951

04/16

$ZK holders on edge now. Will they recover the stolen tokens or nah? Only time will tell.

rvnmsn

Hacking for fun and profit. This attacker's wallet's got 111M reasons to smile. 😎

EX-FFguy

ZKsync got hacked, $5M gone. But they're playing it cool, inviting the hacker for a chat. Smart move or just desperation? 🤔

mayorolivia

@EX-FFguy Smart move, IMO.

howtospellsisyphus

ZKsync better have a solid plan B, or this could be a major bag holder situation.

gnygren3773

Holding some $ZK, but keeping it tight. This hack's a reminder to always secure those private keys.

Excellent-Win-4625

Airdrops can be risky. ZKsync's learning the hard way that security should never be compromised.

kenton143

@Excellent-Win-4625 True, airdrops can be risky.

Miguel_Legacy

ZKsync's quick response gives me 🤔 confidence in their recovery plan.

rareinvoices

@Miguel_Legacy True, ZKsync moved quick.

EL-Vinci93

Hackers always seem one step ahead. ZKsync needs to tighten up their security real quick.

sniper459

Smart contract admin vulnerabilities are a real issue. ZKsync's quick response might just save their reputation.

Luka77GOATic

ZKsync's got some serious 'plainin' to do. Hope they can track down that attacker and get the bags back.

CarterUdy02

@Luka77GOATic K boss

mattko

ZKsync's got the right attitude, working with exchanges and the Security Alliance. Collaboration is key in these situations.

WellWe11Well

ZKsync's response seems solid. Tracking the attacker's moves and offering a deal. Let's see if it pays off. 🚀

Zurkarak

Smart contract admin vulnerabilities are a real issue, folks.

InjuryIll2998

The crypto world needs better security measures. ZKsync's situation serves as a wake-up call for all of us.

istockusername

$5M hack, yet ZKsync stays calm and coordinates. Respect.

TheOSU87

@istockusername Makes sense