Hacks are, unfortunately, rather common in crypto. However, a hack of the airdrop funds is rather unusual. Nonetheless, that’s exactly what happened to ZKsync. A hacker managed to compromise an admin account.
This way, he got control over three smart contracts. These contained the remaining airdrop tokens. ZKsync had its main airdrop last year. So, let’s take a closer look at what exactly happened at ZKsync and its $ZK token.
What Happened at ZKsync?
In June 2024, ZKsync distributed 3.6 billion $ZK tokens in an airdrop. If you were active in the ZKsync Era and ZKsync Lite, you got a share of that airdrop. However, to date, there are still $5 million worth of tokens unclaimed. These were in the compromised admin account.
ZKsync security team has identified a compromised admin account that took control of ~$5M worth of ZK tokens — the remaining unclaimed tokens from the ZKsync airdrop. Necessary security measures are being taken.
All user funds are safe and have never been at risk. The ZKsync…
— ZKsync (∎, ∆) (@zksync) April 15, 2025
This account oversaw three smart contracts. These were airdrop distribution contracts. In case you’re interested, the address is 0x842822c797049269A3c29464221995C56da5587D.
Once the attacker got hold of the account, he called the sweepUnclaimed() function. This minted approximately 111 million unclaimed $ZK tokens from the airdrop contracts. See the picture below.
Source: ERA explorer
This transaction added around 0.45% to the circulating $ZK token supply. The total and max supply are fixed at 21 billion tokens. After the hack, the $ZK price dumped from 5 6/10 cents to 4 8/10 cents. However, the $ZK price has already been declining since early December 2024.
According to ZKsync on X, they are taking all necessary security measures. They state that all user funds are safe and have never been at risk. The ZKsync protocol and $ZK token contract remained secure, and no further $ZK is at risk. See the X post above. Furthermore, they claim that this is an isolated incident caused by a compromised key. This confines the hack to the $ZK token airdrop contract.
Update: the investigation has revealed that the account that was the admin of the three airdrop distribution contracts had been compromised. The compromised account address is 0x842822c797049269A3c29464221995C56da5587D.
The attacker called the sweepUnclaimed() function that…
— ZKsync (∎, ∆) (@zksync) April 15, 2025
By now, all mintable funds have been minted. There are no further exploits possible with these three contracts. However, the hacker still holds the majority of the tokens in his wallet. See the picture below.
Source: ERA explorer
ZKsync encourages the hacker(s) to get in touch with them. They would like to negotiate the return of the funds so he can avoid legal liability.
How Did the Market React?
The market, or $ZK holders, in this case, reacted with a slight panic. The $ZK price dropped around 20%. However, the price seems to be recovering. Nonetheless, we also noticed a spike in volume. Well over 160%. This indicates panic selling, as mentioned before.
Disclaimer
The information discussed by Altcoin Buzz is not financial advice. This is for educational, entertainment, and informational purposes only. Any information or strategies are thoughts and opinions relevant to accepted levels of risk tolerance of the writer/reviewers, and their risk tolerance may be different from yours.
We are not responsible for any losses you may incur due to any investments directly or indirectly related to the information provided. Bitcoin and other cryptocurrencies are high-risk investments, so please do your due diligence.
Copyright Altcoin Buzz Pte Ltd.
The post ZKsync Confirms $5M Airdrop Exploit, User Funds Safe appeared first on Altcoin Buzz.
