ZKsync's Token Drops 8% After Hackers Spread False SEC Investigation Claims

In the early hours of May 13, the official X accounts of ZKsync, an Ethereum Layer 2 network, and its developer Matter Labs were compromised. Hackers exploited this breach to disseminate false claims that the platform was under investigation by US regulators. The compromised accounts shared links to a fake airdrop, an apparent phishing attempt, and posted a fabricated statement suggesting that the US Securities and Exchange Commission (SEC) was investigating ZKsync and that the Treasury Department might impose sanctions on the platform.

ZKsync swiftly confirmed the breach through a related X account and warned users not to engage with any posts or links. Lynnette Nolan, Matter Labs’ head of communications, clarified that the posts were not legitimate and assured the public that both accounts were now securely back under team control. She added that the breach may have been executed through “compromised delegated accounts,” which have limited posting privileges on behalf of the main accounts.

The incident triggered a 2% drop in the price of ZKsync’s native token, ZK, within an hour, and an 8% decline over the day, trading around $0.07. This drop occurred despite the token enjoying a strong rally of nearly 35% over the past week. Crypto community members, including g8keep co-founder Harrison Leggio, took to X to comment on the unusual nature of the hack, pointing out that the attackers opted to spread fear instead of directly stealing funds.

This is the second major breach tied to ZKsync over the past few months. On April 15, a hacker gained access to the platform’s airdrop distribution contract and used an admin function to mint 111 million unclaimed ZK tokens, which were worth around $5 million at the time. That attacker later returned 90% of the tokens, but held on to 10% as a bug bounty.

The attackers initially used the hacked accounts to stir panic. In one now-deleted post, they falsely claimed ZKsync was under investigation by the U.S. Securities and Exchange Commission and warned of possible sanctions from the Treasury Department. Shortly after, the hackers published a second post promoting a fake ZK token airdrop, which included a phishing link designed to drain users’ wallets. The post was live for a few minutes before the team managed to take it down.

While it’s still unclear how many users may have clicked the link, ZKsync has yet to confirm whether any losses were reported. The attackers' actions raised concerns about the platform’s internal security processes, as this is the second major security lapse in less than a month. The previous incident involved an attacker exploiting admin access to the platform’s airdrop distribution contract and minting 111 million unclaimed ZK tokens, worth approximately $5 million at the time. The attacker later returned 90% of the stolen tokens, keeping the remaining 10% as a self-declared bounty.

This incident highlights the ongoing challenges faced by blockchain platforms in securing their systems against sophisticated attacks. The breach underscores the importance of robust security measures and the need for continuous vigilance in the rapidly evolving landscape of decentralized finance. As the investigation into the breach continues, ZKsync and Matter Labs are working to restore user confidence and prevent similar incidents in the future.