ZKsync tokens worth $5M swiped in admin account breach

The team says an attacker minted unclaimed tokens from ZKsync’s 2024 airdrop

article-image

CryptoFX/Shutterstock and Adobe modified by Blockworks

share

This is a segment from The Drop newsletter. To read full editions, subscribe.


The Ethereum scaling-focused ZKsync team said one of their admin accounts was accessed and compromised, leading to the theft of over 100 million tokens.

The attacker swiped roughly 111 million ZK, or $5 million worth of the token, the ZKsync team said. This was the amount left unclaimed from the controversial ZK airdrop that took place in June last year.

The team said the incident is “isolated” and added that “all user funds are safe and have never been at risk.” 

ZKsync later identified a wallet address believed to be in the attacker’s possession and explained that the perpetrator had called a function in the airdrop contract that minted the unclaimed tokens. 

“The attacker called the sweepUnclaimed() function that minted approximately 111 million unclaimed ZK tokens from the aidrop [sic] contracts,” ZKsync’s X account said.

Loading Tweet..

That wallet also moved over 1,000 ETH two days ago onto Ethereum’s mainnet. Its first transaction is from three days ago. DeBank data shows that the wallet holds $3.7 million in ZK and ETH tokens on ZKsync’s chain and $1.76 million in ETH on Ethereum’s mainnet as of Wednesday morning, meaning that wallet has a net worth of over $5.5 million.

We don’t know yet how the account was breached, nor do we know the identity of the attacker. 

ZKsync co-inventor Alex Gluchowski wrote Tuesday morning: “We’re actively investigating this incident and will publish the full update once the investigation and recovery efforts are complete.”

Gluchowski also emphasized in a post: “No code was compromised — an operator key was compromised.”

Image: ZK token price in Pacific Time, showing a price plunge before the 6:49 am X post announcing the breach.

Some X users have accused the ZK breach of being an inside job (without showing evidence), while others have alleged that the ZK token is a scam in its entirety. Blockworks has reached out to ZKsync for comment, but did not receive a response by press time.

ZK’s price fell shortly after 6:30 am PT, right before the team’s first post about the breach at 6:49 am PT.

The token hit an all-time low of $0.041 on Tuesday.

By Wednesday morning, ZK’s price was up roughly 5% in the past 24 hours, but remains down 30% in the past month, per CoinGecko data.

Updated April 16, 2025 at 3:15 pm ET: Updated headline.


Get the news in your inbox. Explore Blockworks newsletters:

Tags

Decoding crypto and the markets. Daily, with Byron Gilliam.

Upcoming Events

Old Billingsgate

Mon - Wed, October 13 - 15, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

Industry City | Brooklyn, NY

TUES - THURS, JUNE 24 - 26, 2025

Permissionless IV serves as the definitive gathering for crypto’s technical founders, developers, and builders to come together and create the future.If you’re ready to shape the future of crypto, Permissionless IV is where it happens.

Brooklyn, NY

SUN - MON, JUN. 22 - 23, 2025

Blockworks and Cracked Labs are teaming up for the third installment of the Permissionless Hackathon, happening June 22–23, 2025 in Brooklyn, NY. This is a 36-hour IRL builder sprint where developers, designers, and creatives ship real projects solving real problems across […]

recent research

Research Report Templates (19).png

Research

Suilend has grown into the top money market and liquid staking provider on Sui. STEAMM, Suilend’s Superfluid AMM, presents a compelling avenue for growing market share within Sui’s DEX landscape and revenue generation for the protocol. Suilend’s multi-product suite position it well for owning market share across key verticals. While current metrics across the Sui ecosystem are likely inflated due to Sui Foundation incentive programs, SEND trades at amongst the lowest multiples in the lend/borrow sector, suggesting that a bull case for continued growth in the ecosystem may be mispriced.

article-image

Polygon and GSR partnered on Katana, angling for a “unified DeFi engine” to concentrate liquidity, recycle yield to users and showcase the AggLayer.

article-image

Decentralized money was a “very unpopular goal” when concepts were proposed in the ’90s, said Nick Szabo

article-image

Cove aims to deliver “risk-adjusted yield” through curated DeFi vaults

article-image

The best capital markets are open to the most people — and crypto capital markets are open to everyone

article-image

Post-conference musings on Firedancer, Kraken, Solana Mobile and Trump

article-image

Executives expect others to follow SharpLink Gaming’s lead in purchasing an asset that has surged this past month