ZKsync Hit by Hack—$5M in Airdrop Tokens Stolen
A malicious breach of ZKsync’s admin credentials led to a $5M token theft and a steep drop in ZK’s price. The protocol confirms no end-user funds were impacted.
ZKsync just took a major hit.
The team admitted that a key admin account used for managing airdrops was hacked—opening the door for $5 million in unclaimed tokens to be drained. The exploit tanked ZK’s price and sent panic through the community, leaving many questioning how secure the system really is.
ZKsync has stated that user assets remain completely secure. The incident was isolated to an official airdrop wallet and did not impact personal accounts.
An active investigation is in progress, with both internal teams and third-party cybersecurity experts involved. The company is committed to resolving the issue and restoring trust in the platform.
What Happened
The breach stemmed from the compromise of an admin account, allowing the attacker to access three airdrop contracts. Officials confirmed that only the operator key was affected, while the smart contract codebase itself remained secure.
Using the sweepUnclaimed() function, the attacker altered token balances, resulting in an unverified issuance of 111 million tokens—boosting the circulating supply by 0.45%. The sudden increase fueled inflation fears and drove the token’s market value sharply downward.
CoinGecko charts show ZK tanked 20% right after the exploit. But the token’s staging a comeback—on WhiteBIT, it’s now down just 3% for the day.
Response Measures and Remediation Efforts
After the breach, Matter Labs—the team behind Ethereum Layer-2 protocol ZKsync—launched a multi-front response. On X, CEO Alex Gluchowski noted that a full update will follow the investigation’s conclusion and restoration of internal systems.
To recover the $5M in stolen tokens, the team is partnering with Security Alliance and cooperating with exchanges. They’re also in direct negotiation with the attacker, offering a bounty deal to incentivize the return of the assets.
“Very important: no code was compromised — an operator key was compromised. This is why ZK is the Endgame. Trust math, not operators,” shared Alex Gluchowski, CEO of Matter Labs, the team behind ZKsync.
It’s a sign of the times—hacker activity across crypto is ramping up fast. Cybercrime losses have already hit $2 billion in Q1 2025, trailing last year’s total by just $300 million. Still, Matter Labs is standing firm: the core protocols of ZKsync are secure, and that’s what matters most to their users and backers.