- ZKsync under attack: admin key compromised, $5 million in ZK tokens stolen
- It led to the minting of 111 million ZK tokens from the pool of unallocated airdrops
- ZK token price dropped ~13% immediately after the incident
- ZKsync assured that the incident is isolated and doesn’t affect the protocol or infrastructure
- ZKsync is working with Seal 911 and several exchanges to track and block funds
ZKsync is under attack: admin key compromised, $5 million in ZK tokens stolen, or more precisely, 111 million ZK tokens minted from the pool of unallocated airdrop tokens, and the ZKsync token price dropped by 13%.
However, the ZKsync team assures that the incident is isolated, All tokens potentially available for unauthorized minting have already been extracted, further exploitation of this vulnerability is impossible and it does not affect the core protocol and user assets. ZKsync also states that security measures have already been implemented in cooperation with Seal 911 and several exchanges to track and block funds.
More Details About the ZKsync Security Incident
To begin with, it’s important to note that the incident does not affect the ZKsync protocol, the ZK token contract, the three governance contracts, or the core user assets, as stated by the ZKsync team.
The incident is limited solely to the account that was the admin of the three airdrop distribution contracts, which was compromised. The address in question is: 0x842822c797049269A3c29464221995C56da5587D.
The attacker gained control over the administrative key and used the public function sweepUnclaimed(), initiating a transaction that resulted in the minting of approximately 111 million ZK tokens from the pool of unclaimed airdrop assets.
The majority of the tokens were then transferred to the address 0xb1027ed67f89c9f588e097f70807163fec1005d3…, which is presumably controlled by the attacker. In total, 111 million ZKsync tokens were minted, estimated at a value of around $5 million.
The ZKsync team is working to clarify the full details of the incident in cooperation with Seal 911 and has also reached out to a number of crypto exchanges to ensure that any attempt to withdraw the stolen funds results in their freezing.
However, the attack had already impacted the ZKsync token’s price, with a sharp drop of ~13% immediately following the incident — from $0.0477 to $0.0415. It’s also worth noting that, just as the exploit was quickly contained, the token price also rebounded without major delay and is now trading at approximately $0.0464.
Conclusion
Just recently, we analyzed a rather sophisticated attack on Atomic and Exodus wallets. One of the key takeaways we highlighted was that attackers tend to target infrastructure surrounding blockchain solutions rather than the protocols themselves.
This incident serves—albeit less obviously—as another illustration of that pattern. It’s significantly easier for attackers to compromise an administrative account than to hack a core protocol that has undergone extensive audits and has been battle-tested in production (although such attacks are still possible).
The same principle applies to integration or partner breaches, such as the recent case with Bybit, which remains one of the most advanced and secure crypto exchanges on the market.
