04-16-2025, 01:32 AM
Hacker mints $5M in ZK tokens after compromising ZKsync admin account
<p style="float:right; margin:0 0 10px 15px; width:240px;"><img src="https://images.cointelegraph.com/images/840_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjUtMDQvMDE5NjNiMDktMTYzNi03NDE2LWI2YWQtMzBmOGYwNDk1NzQ1.jpg"></p><p><p style="float:right; margin:0 0 10px 15px; width:240px;"><img src="https://images.cointelegraph.com/images/840_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjUtMDQvMDE5NjNiMDktMTYzNi03NDE2LWI2YWQtMzBmOGYwNDk1NzQ1.jpg" alt="Hacker mints $5M in ZK tokens after compromising ZKsync admin account"></p><p>A hacker compromised a ZKsync admin account on April 15, minting $5 million worth of unclaimed airdrop tokens, <a data-ct-non-breakable="null" href="https://x.com/zksync/status/1912141160744632737" rel="null" target="null" text="null" title="null">according</a> to a statement from the official ZKsync X account. The attack was described as isolated, with no user funds affected.<p>Following an investigation, ZKsync <a data-ct-non-breakable="null" href="https://x.com/zksync/status/1912165357642473488" rel="nofollow noopener" target="_blank" text="null" title="https://x.com/zksync/status/1912165357642473488">detailed</a> the incident on April 15, disclosing that the compromised account had administrative control over three airdrop distribution contracts. The attacker exploited a function called sweepUnclaimed() to mint 111 million unclaimed ZK tokens, increasing the total token supply by 0.45%. As of the latest update, the attacker still held control of most of the stolen funds.</p><figure><img alt="Hacker mints $5M in ZK tokens after compromising ZKsync admin account" src="https://s3.cointelegraph.com/uploads/2025-04/01963afd-01e0-72ce-9ec5-443ca16d9e9e" title=""><figcaption style="text-align: center;"><p><em>Source: </em><a data-ct-non-breakable="null" href="https://x.com/zksync/status/1912141160744632737" rel="nofollow noopener" target="_blank" text="null" title="https://x.com/zksync/status/1912141160744632737"><em>ZKsync</em></a></p></figcaption></figure><p>ZKsync is coordinating recovery efforts with the <a data-ct-non-breakable="null" href="https://x.com/_seal_org" rel="null" target="null" text="null" title="null">Security Alliance</a> (SEAL). According to the protocol, its governance and token contracts are unaffected. The company stated that no further exploits are possible via the “sweepUnclaimed()” vector.</p><p>ZKsync is an Ethereum layer-2 protocol that processes main-layer transactions in batches using a technology called zero-knowledge rollups. The ZKsync Era platform has $57.3 million in total value locked as of April 15, <a data-ct-non-breakable="null" href="https://defillama.com/chain/zkSync%20Era" rel="nofollow noopener" target="_blank" text="null" title="https://defillama.com/chain/zkSync%20Era">according</a> to DefiLlama. ZKsync had been in the process of airdropping 17.5% of its token supply to ecosystem participants.</p><p><em><strong>Related: </strong></em><a data-ct-non-breakable="null" href="https://cointelegraph.com/news/kilo-ex-dex-offers-750k-bounty-hacker" rel="null" target="null" text="null" title="null"><em><strong>DeFi platform KiloEx offers $750K bounty to hacker</strong></em></a></p><h2>ZK token drops 7% in 24-hour trading </h2><p>ZKsync’s token, ZK (ZK), saw volatile price action in the wake of the hack and the project’s public disclosure on X. Around 1:00 pm UTC, the token had dropped 16%, falling to $0.040 before rebounding to $0.047 at the time of writing. Despite the bounce, ZK remains down 7% over the past 24 hours.</p><p>Overall, <a data-ct-non-breakable="null" href="https://cointelegraph.com/news/q1-2025-crypto-hacks-2b-lost" rel="null" target="null" text="null" title="null">$2 billion has been lost to crypto hacks</a> in the first quarter of 2025 alone, just <a data-ct-non-breakable="null" href="https://cointelegraph.com/news/crypto-hackers-2024-record-2-3-b-thefts" rel="null" target="null" text="null" title="null">$300 million less</a> than the total lost in 2024.</p><p><a data-ct-non-breakable="null" href="https://cointelegraph.com/magazine/north-korean-hackers-private-keys-flash-loan-attacks/" rel="null" target="null" text="null" title="null"><em><strong>Magazine: Lazarus Group’s favorite exploit revealed — Crypto hacks analysis</strong></em></a></p><template data-name="subscription_form" data-type="markets_outlook" label="Subscription Form: Markets Outlook"></template><p><br><br></p></p>
</p>
https://cointelegraph.com/news/zksync-ha...er_inbound
<p style="float:right; margin:0 0 10px 15px; width:240px;"><img src="https://images.cointelegraph.com/images/840_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjUtMDQvMDE5NjNiMDktMTYzNi03NDE2LWI2YWQtMzBmOGYwNDk1NzQ1.jpg"></p><p><p style="float:right; margin:0 0 10px 15px; width:240px;"><img src="https://images.cointelegraph.com/images/840_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjUtMDQvMDE5NjNiMDktMTYzNi03NDE2LWI2YWQtMzBmOGYwNDk1NzQ1.jpg" alt="Hacker mints $5M in ZK tokens after compromising ZKsync admin account"></p><p>A hacker compromised a ZKsync admin account on April 15, minting $5 million worth of unclaimed airdrop tokens, <a data-ct-non-breakable="null" href="https://x.com/zksync/status/1912141160744632737" rel="null" target="null" text="null" title="null">according</a> to a statement from the official ZKsync X account. The attack was described as isolated, with no user funds affected.<p>Following an investigation, ZKsync <a data-ct-non-breakable="null" href="https://x.com/zksync/status/1912165357642473488" rel="nofollow noopener" target="_blank" text="null" title="https://x.com/zksync/status/1912165357642473488">detailed</a> the incident on April 15, disclosing that the compromised account had administrative control over three airdrop distribution contracts. The attacker exploited a function called sweepUnclaimed() to mint 111 million unclaimed ZK tokens, increasing the total token supply by 0.45%. As of the latest update, the attacker still held control of most of the stolen funds.</p><figure><img alt="Hacker mints $5M in ZK tokens after compromising ZKsync admin account" src="https://s3.cointelegraph.com/uploads/2025-04/01963afd-01e0-72ce-9ec5-443ca16d9e9e" title=""><figcaption style="text-align: center;"><p><em>Source: </em><a data-ct-non-breakable="null" href="https://x.com/zksync/status/1912141160744632737" rel="nofollow noopener" target="_blank" text="null" title="https://x.com/zksync/status/1912141160744632737"><em>ZKsync</em></a></p></figcaption></figure><p>ZKsync is coordinating recovery efforts with the <a data-ct-non-breakable="null" href="https://x.com/_seal_org" rel="null" target="null" text="null" title="null">Security Alliance</a> (SEAL). According to the protocol, its governance and token contracts are unaffected. The company stated that no further exploits are possible via the “sweepUnclaimed()” vector.</p><p>ZKsync is an Ethereum layer-2 protocol that processes main-layer transactions in batches using a technology called zero-knowledge rollups. The ZKsync Era platform has $57.3 million in total value locked as of April 15, <a data-ct-non-breakable="null" href="https://defillama.com/chain/zkSync%20Era" rel="nofollow noopener" target="_blank" text="null" title="https://defillama.com/chain/zkSync%20Era">according</a> to DefiLlama. ZKsync had been in the process of airdropping 17.5% of its token supply to ecosystem participants.</p><p><em><strong>Related: </strong></em><a data-ct-non-breakable="null" href="https://cointelegraph.com/news/kilo-ex-dex-offers-750k-bounty-hacker" rel="null" target="null" text="null" title="null"><em><strong>DeFi platform KiloEx offers $750K bounty to hacker</strong></em></a></p><h2>ZK token drops 7% in 24-hour trading </h2><p>ZKsync’s token, ZK (ZK), saw volatile price action in the wake of the hack and the project’s public disclosure on X. Around 1:00 pm UTC, the token had dropped 16%, falling to $0.040 before rebounding to $0.047 at the time of writing. Despite the bounce, ZK remains down 7% over the past 24 hours.</p><p>Overall, <a data-ct-non-breakable="null" href="https://cointelegraph.com/news/q1-2025-crypto-hacks-2b-lost" rel="null" target="null" text="null" title="null">$2 billion has been lost to crypto hacks</a> in the first quarter of 2025 alone, just <a data-ct-non-breakable="null" href="https://cointelegraph.com/news/crypto-hackers-2024-record-2-3-b-thefts" rel="null" target="null" text="null" title="null">$300 million less</a> than the total lost in 2024.</p><p><a data-ct-non-breakable="null" href="https://cointelegraph.com/magazine/north-korean-hackers-private-keys-flash-loan-attacks/" rel="null" target="null" text="null" title="null"><em><strong>Magazine: Lazarus Group’s favorite exploit revealed — Crypto hacks analysis</strong></em></a></p><template data-name="subscription_form" data-type="markets_outlook" label="Subscription Form: Markets Outlook"></template><p><br><br></p></p>
</p>
https://cointelegraph.com/news/zksync-ha...er_inbound