ZKsync confirmed that a compromised admin account drained approximately $5 million worth of ZK tokens from its airdrop contract.
The exploit affected only unclaimed tokens and did not compromise user funds or the core protocol, the team said in a statement on X.
“This is an isolated incident caused by a compromised key and confined to the ZK Token airdrop contract,” ZKsync’s security team wrote. An investigation is ongoing, and the team has promised a detailed incident report.
The exploit triggered a sharp sell-off, with the ZK token price falling between 15-20% around 13:50 UTC. At press time, ZK was down about 11% on the day, according to CoinMarketCap.
The breach appears to have stemmed from stolen admin credentials tied to the contract managing leftover airdrop allocations. ZKsync emphasized that the protocol itself and the ZK token contract remain secure, and that no additional tokens are at risk.
The ZK token launched in June 2024 as part of a long-anticipated airdrop. While the rollout was significant, it also drew criticism over Sybil resistance and perceived inequities in distribution.
ZKsync, developed by Matter Labs, has a total supply of 21 billion ZK tokens.
Source link