ZKSync Hack: $5M in Tokens Stolen

DeFi Security

ZKSync Suffers $5 Million Hack

On April 15th, a hacker compromised a ZKSync administrator account, resulting in the minting and theft of $5 million worth of unclaimed ZK airdrop tokens. ZKSync confirmed the incident on its official X account, emphasizing that the attack was isolated and no user funds were affected.

The investigation revealed the attacker exploited the sweepUnclaimed() function within three compromised airdrop distribution contracts. This allowed the minting of 111 million unclaimed ZK tokens, a 0.45% increase in the total token supply. At the time of writing, the majority of the stolen funds remain in the attacker's control.

ZKSync is actively collaborating with the Security Alliance (SEAL) to recover the stolen funds. The protocol maintains that its governance and token contracts are unaffected, and the vulnerability exploited via sweepUnclaimed() has been patched, preventing further exploitation.

Impact and Response

The ZK token (ZK) experienced price volatility following the disclosure, initially dropping 16% before partially recovering. At the time of writing, ZK is down approximately 7% in the past 24 hours. This incident highlights the ongoing risks in the DeFi space, particularly concerning the security of administrative accounts.

ZKSync, an Ethereum layer-2 scaling solution using zero-knowledge rollups, had $57.3 million in Total Value Locked (TVL) as of April 15th, according to DefiLlama. The platform was in the process of distributing 17.5% of its token supply as an airdrop to ecosystem participants at the time of the attack.

The Broader Context

This attack comes amidst a period of significant losses due to crypto hacks. $2 billion in cryptocurrency was lost to hacks in Q1 2025 alone, underscoring the importance of robust security practices within the blockchain ecosystem.

Codeum, a leader in blockchain security and development, offers a comprehensive suite of services to mitigate such risks, including smart contract audits, custom smart contract and DApp development, and tokenomics and security consultations. Contact us today to secure your project.
