ZKsync Crashes Following $5 Million Token Theft: Security Breach and Market Impact

The ZKsync security team has detected a compromise of an administrative account, resulting in the interception of ZK tokens valued at approximately $5 million—these were unclaimed remnants from a recent airdrop.

In the wake of this incident, the price of ZK temporarily dipped by 17%, although it has since recovered partially.

Subsequently, researchers discovered that the implicated account (0x842822c797049269A3c29464221995C56da5587D) governed three contracts associated with the airdrop distribution.

Their analysis indicated that the transaction increased the circulating supply of tokens by about 0.45%. Experts emphasized that the incident exclusively impacted contracts related to the airdrop distribution, noting that all tokens due for release had already been issued. Therefore, the exploitation of this vulnerability cannot be replicated.

The offender still maintains the majority of the assets at [this address](https://era.zksync.network/address/0xb1027ed67f89c9f588e097f70807163fec1005d3).

Finally, the project announced its collaboration with experts from Security Alliance and urged the attacker to reach out for a return of the funds to avoid legal repercussions.

In 2021 and 2022, ZKsync secured $450 million in investments.

In September 2024, Alex Glukhovski, CEO of the protocol’s parent company Matter Labs, reported a 16% reduction in staff.

In June, the project executed an airdrop of 3.6 million ZK tokens. Following this extensive distribution, key performance metrics saw a significant decline.

It’s worth noting that the DAO behind ZKsync prematurely concluded its Ignite rewards program on March 17, citing unfavorable market conditions.