A brazen cyberattack on Ethereum scaling network ZKsync has rattled the crypto community. Hackers infiltrated an administrative account tied to the platform’s token airdrop contracts, minting $5 million in unclaimed ZK tokens overnight. While user funds remain safe, the breach highlights lingering vulnerabilities in crypto infrastructure.
ZKsync confirmed the April 15 exploit in a public statement, calling it an “isolated incident.” The attacker exploited administrative privileges to manipulate token distribution, sparking market chaos. Here’s what we know.
How a Single Account Caused Chaos
On April 15, hackers gained control of a ZKsync admin account linked to three airdrop contracts. Using a function called “sweepUnclaimed(),” they minted 111 million ZK tokens worth roughly $5 million from unclaimed airdrop reserves. This sudden mint spiked the token’s total supply by 0.45%, shaking investor confidence.
Security analysts traced the attack to a compromised admin key, which granted full control over token distribution. Following this, ZKsync emphasised that user wallets and core protocol functions stayed secure. “No further exploits are possible through this vector,” the team assured.
Market Turmoil
News of the hack triggered immediate market fallout. ZK’s price nosedived 16% to $0.040 within hours before clawing back to $0.047. Despite the rebound, the token remains down 7% over 24 hours, per CoinGecko data.
Traders dumped holdings fearing broader vulnerabilities, though ZKsync’s $57.3 million in locked assets stayed untouched. The token’s volatility underscores how security breaches, even isolated ones, can spark rapid sell-offs.
Damage Control
ZKsync has enlisted blockchain security group SEAL to trace and recover stolen tokens. As of press time, the attacker retains control over most minted funds. However, the protocol insists its governance systems and token contracts remain unharmed.
“This incident was confined to the airdrop contract,” the team reiterated. They plan to share a detailed post-mortem soon. Meanwhile, crypto exchanges monitor the hacker’s wallet, though liquidating $5 million in tokens without detection poses challenges.
How Hackers Exploited Token Distribution
The breach targeted ZKsync’s recent airdrop, which allocated 17.5% of ZK’s supply to users. Hackers manipulated the “sweepUnclaimed()” function, designed to reclaim undistributed tokens, to mint new ones illegitimately.
Airdrops, often used to reward early adopters, have become prime targets for exploits. Unlike direct fund thefts, this attack exploited administrative privileges, a growing trend in crypto hacks.
Crypto’s Hacking Epidemic: $2 Billion Lost in 2025 Alone
ZKsync’s breach mirrors a grim industry trend. Over $2 billion vanished in crypto hacks during 2025’s first quarter, nearing 2024’s $2.3 billion total. February’s $1.4 billion Bybit heist remains the year’s largest, but layer-2 networks like ZKsync are now in attackers’ crosshairs.
Immunefi reports $1.6 billion stolen by February 2025, signalling relentless threats. Once focused on decentralised apps, hackers increasingly target centralised exchanges and administrative controls, exploiting single points of failure.
What’s Next for ZKsync?
ZKsync vows to overhaul its key management systems to prevent repeat breaches. While the protocol’s core technology, zero-knowledge rollups, stayed intact, the incident exposes risks in multi-sig controls and admin privileges.
The team urges users to stay vigilant but insists the network remains robust. “This was a painful lesson, but not a fatal one,” a spokesperson said. As recovery efforts advance, the crypto world watches closely, aware that today’s fixes could shape tomorrow’s security standards.
Rising Security Threats
While ZKsync navigates fallout, the hack underscores a harsh truth: In crypto’s high-stakes environment, even minor vulnerabilities can yield million-dollar losses. As layer-2 networks grow, balancing accessibility with ironclad security becomes non-negotiable.
