ZKsync Loses $5M in Tokens After Admin Account Compromise

ZKsync, a team focused on Ethereum scaling, recently announced that one of their admin accounts had been compromised, resulting in the theft of over 100 million tokens. The attacker managed to swipe approximately 111 million ZKZK-- tokens, valued at around $5 million. These tokens were part of an unclaimed airdrop that occurred in June of the previous year.

The ZKsync team emphasized that the incident was isolated and that all user funds remained safe and were never at risk. They identified a wallet address believed to be in the attacker’s possession and explained that the perpetrator had called a function in the airdrop contract to mintMIMI-- the unclaimed tokens. The wallet in question had moved over 1,000 ETH two days prior to the incident onto Ethereum’s mainnet. Its first transaction was recorded three days before the breach. As of Wednesday morning, the wallet held $3.7 million in ZK and ETH tokens on ZKsync’s chain and $1.76 million in ETH on Ethereum’s mainnet, indicating a net worth of over $5.5 million.

The exact method by which the account was breached and the identity of the attacker remain unknown. ZKsync co-inventor Alex Gluchowski stated that the team was actively investigating the incident and would publish a full update once the investigation and recovery efforts were complete. Gluchowski also clarified that no code was compromised; instead, an operator key was compromised.

Some users on X have speculated that the breach could be an inside job, although no evidence has been provided to support this claim. Others have alleged that the ZK token is a scam, but these allegations lack substantiation. The ZK token’s price experienced a significant drop shortly after 6:30 am PT, just before the team’s first post about the breach at 6:49 am PT. The token hit an all-time low of $0.041 on Tuesday. By Wednesday morning, ZK’s price had recovered slightly, up roughly 5% in the past 24 hours, but it remained down 30% over the past month.

This incident highlights the vulnerabilities that can exist within admin accounts and the importance of robust security measures to protect against such breaches. The ZKsync team’s prompt response and transparency in addressing the issue are crucial steps in mitigating the impact and restoring user confidence. As the investigation continues, it is essential for the team to provide regular updates and take necessary actions to prevent similar incidents in the future.