On April 15, the team behind the Ethereum scaling network, ZKsync, identified a compromised admin account that took control of $5 million worth of ZK tokens. These were the remaining unclaimed coins from the ZKsync airdrop, they added.

The team reassured users that all their funds are safe and have never been at risk. “The ZKsync protocol and ZK token contract remained secure, and no further ZK is at risk,” they said.

“This is an isolated incident caused by a compromised key and confined to the ZK Token airdrop contract.”

ZKsync security team has identified a compromised admin account that took control of ~$5M worth of ZK tokens — the remaining unclaimed tokens from the ZKsync airdrop. Necessary security measures are being taken. All user funds are safe and have never been at risk. The ZKsync… — ZKsync (∎, ∆) (@zksync) April 15, 2025

$5 Million Stolen

A short time later, the team posted an update stating that the account that was the admin of the three airdrop distribution contracts had been compromised. The attacker called a function that minted approximately 111 million unclaimed ZK tokens from the airdrop contracts.

The transaction inflated the amount of tokens in circulation by around 0.45% of the total supply and caused a brief dip in spot prices.

“This incident is contained to the airdrop distribution contracts only and all the funds that could be minted have been minted. No further exploits via this method are possible.”

They noted that the hacker still held funds in an account that contained 44 million ZK tokens worth $2.1 million and around 2,200 ETH worth $3.4 million.

When asked why the unclaimed airdrop tokens were left in the contract, co-founder and CEO of ZKsync, Alex Gluchowski, said, “The unminted supply was supposed to go back to the Token Assembly,” before adding, “We’re investigating why this didn’t happen.”

“The attacker is facing criminal liability. It’s in their best interest to investigate the funds return ASAP,” he said.

We’re actively investigating this incident and will publish the full update once the investigation and recovery efforts are complete. I am happy to take your questions here and will answer them to the best of my knowledge. https://t.co/yPgpNeQq5D — ALEX | ZK ∎ (@gluk64) April 15, 2025

ZKsync total value locked has tanked almost 80% since the beginning of February and was just over $60 million at the time of writing, according to DeFiLlama.

In June 2024, the platform began airdropping 17.5% of the total supply of tokens, or 3.67 billion ZK.

ZK Prices at ATL

The zero-knowledge rollup platform’s native token, ZK, tanked 13% immediately after the hack in a fall to and all-time low of $0.0415. However, it quickly recovered almost all losses and was trading at $0.0472 at the time of writing.

Nevertheless, ZK is trading at its lowest levels, having fallen 83% from a December high of $0.262 and its all-time high at the time of the airdrop of $0.321.