ZKsync's Official Accounts Hacked, Token Price Drops 5%

On May 13, 2025, the official X accounts of ZKsync, an Ethereum scaling solution, and its developer, Matter Labs, were compromised in a sophisticated attack. The hackers used these accounts to spread false regulatory warnings and malicious airdrop links, aiming to manipulate the market and crash the ZK token price. The attackers published fake claims that ZKsync was under investigation by the US Securities and Exchange Commission (SEC) and warned about possible Treasury Department sanctions. These false regulatory warnings were designed to create panic among investors and traders, leading to a swift market reaction. The ZK token price dropped approximately 5% following the hack, trading around $0.07, despite a recent rally of nearly 38.5%.

Market commentator Harrison Leggio, co-founder of g8keep, noted the unusual nature of the attack, suggesting that the attackers may have been more interested in manipulating market sentiment than direct theft. Shortly after the regulatory misinformation, the hackers published a second post promoting a fake ZK token airdrop, which included phishing links designed to drain users’ wallets. According to Matter Labs communications head Lynnette Nolan, the breach likely occurred through “compromised delegated accounts,” which have limited posting privileges on behalf of the main accounts. These accounts have since been disconnected, and an internal investigation is underway to determine the full extent of the compromise. The ZKsync team quickly deleted all malicious tweets after regaining control of the accounts.

This social media breach represents the second significant security incident for ZKsync in less than a month. On April 15, 2025, an attacker exploited admin access to the platform’s airdrop distribution contract and minted 111 million unclaimed ZK tokens worth approximately $5 million. That earlier incident was eventually resolved when the hacker agreed to return 90% of the stolen tokens, keeping the remaining 10% as a self-declared bounty. The return was completed on April 23, with the hacker transferring nearly $5.7 million across three transactions to the ZKsync Security Council. The back-to-back breaches have raised serious questions about ZKsync’s security practices and protocols. While the April incident was isolated to the airdrop distribution contract, and no user funds were compromised, the recurring nature of security failures may damage trust in the platform.

These incidents come at a time when crypto security breaches are becoming increasingly common. The recurring security failures at ZKsync highlight the broader challenges faced by the crypto industry in maintaining robust security measures. The platform’s ability to recover from these incidents and implement stronger security protocols will be crucial in restoring investor confidence and ensuring the long-term viability of the project. The ZKsync team has stated that both accounts are now fully back in their control and that they are looking into how the accounts were hacked. The team believes the hack was through compromised delegated accounts, and all delegated accounts and connected apps have been disconnected. The team has also deleted any malicious content posted during the breach. The ongoing investigation aims to determine the full extent of the compromise and prevent future security incidents.