The ZKsync team confirmed that the hack of the airdrop contract resulted in a loss of $5 million in ZK tokens, with their price dropping by nearly 20%. An investigation into the incident is ongoing, and the team promises to publish a detailed report soon.
This is reported by Finway
Detection of Compromised Account
The security of the ZKsync L2 solution revealed that a compromised administrator account controlled the ZK token airdrop contract. The attacker gained access to unused tokens, stealing approximately $5 million worth.
“This is an isolated incident related to a compromised key that was used to manage the airdrop contract,” the team stated in an official announcement.
User Security Under Control
The company emphasized that all user funds are secure, and the core ZKsync protocol and ZK asset contract were not affected. Project representatives assured that no other ZK tokens are at risk.
At the time of writing, the asset is trading at $0.04587, according to CoinMarketCap data. The incident likely caused a sharp drop in the asset’s price due to the sale of the stolen tokens.
It is worth noting that the project’s token airdrop in 2024 attracted attention not only for its scale (21 billion ZK in total issuance) but also for criticism regarding unfair distribution and failure to filter Sybil accounts. After listing on exchanges in June last year, the asset’s price significantly declined.