ZKsync Confirms $5M Token Exploit Linked to Compromised Admin Account

ZKsync has confirmed a security incident involving the unauthorized minting of roughly $5 million worth of ZK tokens after an admin account tied to its airdrop distribution contracts was compromised. The breach, which targeted unclaimed tokens from a recent airdrop, has been contained, according to a statement released by the ZKsync security team.

The attacker exploited a privileged function in the airdrop contract to mint approximately 111 million ZK tokens. This inflated the total circulating supply by 0.45%, though the impact is limited to the airdrop mechanism.

Incident Contained, No Broader Protocol Risk

ZKsync emphasized that no user funds were affected and that the broader protocol remains secure. The unauthorized access was restricted to one admin address overseeing three airdrop distribution contracts. The incident did not compromise the ZK token contract, the core protocol, governance contracts, or active capped minters.

The compromised account initiated the minting transaction now under investigation. The attacker’s wallet currently holds the bulk of the stolen tokens at another address. The organization clarified that no additional ZK tokens can be minted using this method, stating that the vulnerability has been fully exploited and is no longer active.

Recovery Efforts Underway as Investigation Continues

ZKsync is working alongside blockchain security group SEAL 911 and coordinating with cryptocurrency exchanges to freeze or recover assets where possible. The team is also encouraging the attacker to initiate contact to discuss returning the funds and potentially mitigating legal consequences.

A full technical report is expected to be released once the internal investigation concludes. ZKsync has not disclosed how the attacker gained access to the admin account, though it confirmed the breach stemmed from a compromised key rather than a smart contract flaw.

This event is a significant reminder of the risks associated with key management in decentralized ecosystems, especially during token distribution phases. No timeline has been shared for potential recovery or further updates.
