A hacker compromised a ZKsync admin account on April 15, minting $5 million value of unclaimed airdrop tokens, in accordance to a press release from the official ZKsync X account. The assault was described as remoted, with no person funds affected.
Following an investigation, ZKsync detailed the incident on April 15, disclosing that the compromised account had administrative management over three airdrop distribution contracts. The attacker exploited a operate known as sweepUnclaimed() to mint 111 million unclaimed ZK tokens, growing the full token provide by 0.45%. As of the newest replace, the attacker nonetheless held management of a lot of the stolen funds.
Supply: ZKsync
ZKsync is coordinating restoration efforts with the Safety Alliance (SEAL). In line with the protocol, its governance and token contracts are unaffected. The corporate acknowledged that no additional exploits are potential by way of the “sweepUnclaimed()” vector.
ZKsync is an Ethereum layer-2 protocol that processes main-layer transactions in batches utilizing a know-how known as zero-knowledge rollups. The ZKsync Period platform has $57.3 million in whole worth locked as of April 15, in accordance to DefiLlama. ZKsync had been within the technique of airdropping 17.5% of its token provide to ecosystem members.
Associated: DeFi platform KiloEx gives $750K bounty to hacker
ZK token drops 7% in 24-hour buying and selling
ZKsync’s token, ZK (ZK), noticed risky value motion within the wake of the hack and the venture’s public disclosure on X. Round 1:00 pm UTC, the token had dropped 16%, falling to $0.040 earlier than rebounding to $0.047 on the time of writing. Regardless of the bounce, ZK stays down 7% over the previous 24 hours.
Total, $2 billion has been misplaced to crypto hacks within the first quarter of 2025 alone, simply $300 million much less than the full misplaced in 2024.
Journal: Lazarus Group’s favourite exploit revealed — Crypto hacks evaluation
