TLDR
- $5M in ZK tokens stolen from airdrop contracts.
- User funds and main protocol not affected.
- Attacker’s wallet identified, tracking ongoing.
- ZK token price dropped, then slightly recovered.
- ZKsync plans security upgrades and governance changes.
ZKsync has confirmed that a compromised administrator wallet enabled an unauthorized actor to drain approximately $5 million worth of ZK tokens from the protocol’s airdrop distribution contracts. According to ZKsync’s security team, the breach was isolated to the unclaimed portion of the airdrop and did not affect user funds or the core protocol infrastructure.
The incident was traced to a compromised key associated with the admin account of three airdrop contracts. The unauthorized actor used this access to call a function within the contract, enabling the minting and transfer of approximately 111 million unclaimed ZK tokens. ZKsync emphasized that the ZK token contract, the ZKsync protocol itself, and governance-related contracts remain secure.
Limited Scope of the Exploit and Containment Measures
The sweep targeted only the unclaimed token allocations from the ZKsync airdrop conducted in June 2024. The exploit was limited to the functionality of the specific airdrop distribution contracts. All tokens that could be accessed through this method have already been minted, effectively containing the breach. ZKsync has confirmed that no further funds can be extracted via the same method.
The attacker’s address, publicly shared by ZKsync, currently holds the majority of the drained funds. The security team is collaborating with exchanges and the blockchain monitoring organization @_seal_org to track the tokens and prevent further movement. The protocol has invited the attacker to contact the team via a dedicated security channel to arrange the return of funds.
Shortly after news of the breach surfaced, the price of ZK tokens declined from $0.047 to $0.039. The token has since seen a minor recovery, trading at $0.04606 at the time of writing. This price movement reflects heightened investor sensitivity to security-related events within the cryptocurrency sector.
Protocol Response and Security Enhancements
ZKsync has announced upcoming improvements to its security infrastructure. These enhancements include transitioning to multi-party computation (MPC) wallets, deploying real-time transaction monitoring, and increasing decentralization through new governance mechanisms for treasury management.
ZKsync’s token distribution strategy allocated 89% of tokens to users and 11% to ecosystem partners and developers. The breach exposed vulnerabilities in how administrative access to the remaining tokens was managed, which has prompted scrutiny from community members regarding the use of single-signature wallets and overall transparency.
The investigation is ongoing, and ZKsync stated that a detailed incident report will be published. The protocol’s next steps may include recovery efforts, community engagement regarding governance reforms, and additional audits to strengthen contract integrity.