- ZKsync, an Ethereum layer-2 scaling solution, reported on Tuesday that its admin wallet was compromised.
- The hacker minted 111 million unclaimed ZK tokens worth $5 million.
- The ZK token price dipped nearly 19% and closed at a 5% loss.
ZKsync (ZK), an Ethereum layer-2 scaling solution, reported on Tuesday that its admin wallet had been compromised. The hacker then minted 111 million unclaimed ZK tokens worth $5 million. The ZK token price dipped nearly 19% and closed at a 5% loss that day.
ZKSync’s admin wallet compromise
ZKsync, an Ethereum layer-2 scaling solution using zero-knowledge proofs, reported a security breach on Tuesday. The attacker exploited an admin wallet and took control of $5 million worth of ZK tokens—the remaining unclaimed tokens from the ZKsync airdrop.
“The attacker called the sweepUnclaimed() function that minted approximately 111 million unclaimed ZK tokens from the airdrop contracts,” said ZKsync on its X post.
The post continued: “This incident is contained to the airdrop distribution contracts only, and all the funds that could be minted have been minted. No further exploits via this method are possible.”
Update: the investigation has revealed that the account that was the admin of the three airdrop distribution contracts had been compromised. The compromised account address is 0x842822c797049269A3c29464221995C56da5587D.
The attacker called the sweepUnclaimed() function that…
— ZKsync (∎, ∆) (@zksync) April 15, 2025
This security breach has inflated the amount of tokens in circulation by 0.45% of the total token supply. The ZK token price dipped nearly 19% and closed at a 5% loss that day. At the time of writing on Wednesday, it is recovering slightly, trading at around $0.047.
ZK chart. Source: CoinGecko
