ZKsync Price Drops 8% After Hackers Spread False SEC Investigation Claims

Hackers exploited a breach in the official X accounts of Ethereum Layer 2 network ZKsync and its developer Matter Labs to spread false claims of a US regulatory investigation and a fake airdrop link. The compromised accounts posted a fabricated statement suggesting that the US Securities and Exchange Commission (SEC) was investigating ZKsync and that the Treasury Department might impose sanctions on the platform. This incident triggered an 8% drop in ZK’s price, despite the token enjoying a strong rally of nearly 35% over the past week.

Matter Labs confirmed the breach stemmed from “compromised delegated accounts” and quickly regained control. The head of communications for Matter Labs, Lynnette Nolan, clarified that the posts were not legitimate and assured the public that both accounts were now securely back under team control. She added that the breach may have been executed through “compromised delegated accounts,” which have limited posting privileges on behalf of the main accounts.

This is the second major breach tied to ZKsync over the past few months. On April 15, a hacker gained access to the platform’s airdrop distribution contract and used an admin function to mint 111 million unclaimed ZK tokens, which were worth around $5 million at the time. That attacker later returned 90% of the tokens, but held on to 10% as a bug bounty.

Meanwhile, Curve Finance, a well-known decentralized finance (DeFi) protocol, also recently issued an urgent warning after its domain name system (DNS) was reportedly hijacked for the second time in a week. In a post that was shared on X on May 12, the Curve team warned users not to interact with the site, as the DNS was rerouting visitors to a malicious page designed to steal funds. This DNS manipulation means that while the official domain name is being used, it is actually pointing to a different IP address under the control of the attackers.

The Curve team confirmed that the website was not technically hacked but was instead pointing to an incorrect IP address due to DNS tampering. They reassured the community that internal security measures like passwords and two-factor authentication were still intact and that the issue appeared to stem from the domain registrar. The team contacted the registrar to address the breach and regain full control. Importantly, Curve also clarified that while the DNS is compromised, its underlying smart contracts are safe and have not been affected.

This latest incident is very similar to a previous attack Curve suffered in August of 2022, where attackers cloned the website and redirected the DNS to a lookalike page that drained users’ wallets. The DeFi protocol warned that the current malicious domain is capable of similarly draining funds from users who unknowingly interact with it.

On-chain security firm Blockaid corroborated the warning, and labelled the situation as a potential front-end attack. Blockaid advised users to avoid signing any transactions or engaging with the DApp until the matter is resolved. They also confirmed that there is ongoing collaboration with Curve and affected partners to mitigate the threat.

This is the second time in just one week that Curve faced a major security issue. On May 5, the protocol’s official X account was hijacked. However, Curve later clarified that the social media breach was isolated and did not affect other accounts or lead to any confirmed financial losses.

Separately, the US government is pushing for a two-year prison sentence for Eric Council Jr., who helped hack the SEC’s X account in January of 2024 to post false Bitcoin ETF approval news. In a filing that was submitted on May 12 in the US District Court for the District of Columbia, prosecutors urged Judge Amy Berman Jackson to impose a sentence that reflects the seriousness of Council’s actions, which briefly disrupted financial markets in January of 2024.

Council pleaded guilty to being part of a coordinated scheme that used a SIM swap attack to gain unauthorized access to the SEC’s official social media account. The fake message posted through the account falsely claimed that spot Bitcoin ETFs were approved, which caused the price of Bitcoin to jump by more than $1,000 before SEC Chair Gary Gensler issued a correction. The official approval came a day later, but the fake announcement already rattled markets and drew widespread attention.

Prosecutors described the attack as a “sophisticated fraud scheme” involving forged identification documents, fraudulent behavior at telecommunications stores, and coordination with co-conspirators in the US and overseas. They believe that Council’s actions merit a serious sentence due to the deliberate and far-reaching nature of the fraud. Council’s court appearance is scheduled for May 16.