ZKsync confirmed that a compromised admin account drained approximately $5 million worth of ZK token from its airdrop contract.
In a statement published on X, the team expressed that the exploit only affected tokens that had not yet been claimed and that it did not compromise user funds or the core protocol.
According to a statement written by ZKsync’s security team, “This is an isolated incident caused by a compromised key and confined to the ZK Token airdrop contract.”
The team has committed to providing a comprehensive incident report, and the inquiry is underway. The vulnerability resulted in a significant decline in the price of ZK tokens, which dropped by between 15 and 20 percent at approximately 13:50 UTC.
According to CoinMarketCap, ZK experienced a decline of almost 11% on the day of publication. A compromise appears to have occurred as a result of stolen administrative credentials that were associated with the contract that managed remaining airdrop allocations.
In addition, ZKsync underlined that the ZK token contract and the protocol itself continue to be secure and that there are no additional tokens that are in danger.
A long-awaited airdrop served as the catalyst for the debut of the ZK token in June of 2024. Despite a big rollout, Sybil’s resistance and perceived resource distribution disparities drew criticism.
Matter Labs is responsible for the development of ZKsync, which has a total supply of 21 billion ZK tokens.
