Hackers steal $5M from ZKsync — token drops 20%

Hackers exploited a vulnerability in the ZKsync airdrop contract, stealing approximately $5 million worth of tokens. The incident caused the price of the project’s token to plummet nearly 20%.

Compromised Admin Account

The ZKsync Layer 2 security team detected that an administrator account connected to the airdrop contract had been compromised. The attacker gained access to a portion of unclaimed tokens and drained assets worth around $5 million.

The team emphasized that user funds remain safe and confirmed that neither the ZKsync protocol nor the main ZK token contract was affected. “No other ZK tokens are at risk. We’ve already taken all necessary security measures,” representatives stated.

Token Price Takes a Hit

Following the exploit, the ZK token’s price dropped by nearly 20%, likely due to the sell-off of the stolen tokens. At the time of writing, the token is trading around $0.04587.

An internal investigation is underway, and a full report will be published upon completion, according to the team.

The project’s 2024 token airdrop had already drawn widespread attention due to its scale — with 21 billion ZK in total supply — as well as criticism over distribution fairness and poor filtering of Sybil accounts.

It’s worth noting that the token also experienced a sharp decline after its exchange listing in June 2024, falling over 20% within hours of launch.