A compromised admin account connected to ZKsync’s airdrop contracts executed a transaction that minted approximately $5 million worth of ZK tokens, stealing the remaining unclaimed allocation from the network’s first token distribution.
The attacker exploited a function to claim the tokens on April 15 and issued around 111 million ZK tokens, equivalent to roughly 0.45% of the protocol’s total token supply.
According to statements shared by ZKsync on X, the exploit was confined to the airdrop distribution contracts. It did not affect the ZKsync protocol, the ZK token contract, governance infrastructure, or any capped minters associated with the Token Program.
The protocol emphasized that user funds were never at risk and described the incident as isolated, resulting from a compromised private key controlling the affected admin account.
The attacker has already swapped $3.5 million of the stolen ZK tokens to Ethereum (ETH), as on-chain data points out.
ZKsync’s team stated that recovery efforts are underway in coordination with exchanges and blockchain security firm SEAL 911. The team also issued a public call for the attacker to contact them to negotiate a return of the funds and avoid legal consequences.
According to the team’s forensic investigation, the exploiter can no longer mint tokens using the same method. The incident has not impacted protocol-level operations or the security of ongoing governance activities.
After internal reviews and recovery actions conclude, the project will release a full post-mortem.
ZK token tanks
According to CryptoSlate data, the ZK token has fallen by 8.6% over the past 24 hours and is trading at $0.04513 as of press time.
Since launch, the token has lost nearly 90% of its value, a fact raised by community members in the aftermath of the exploit.
In response, Matter Labs CEO Alex Gluchowski addressed concerns on social media and said the drawdown is comparable to Ethereum and other layer-2 networks amid the broader market correction.
Gluchowski said:
“ETH and every other L2 is down significantly from their ATHs. Nevertheless, both myself and Matter Labs are as committed as ever to the mission and success of ZKsync. I also see very bullish signs from the new leadership of the Ethereum Foundation.”
Gluchowski added that he would continue answering public inquiries about the incident while the investigation remains active. ZKsync reiterated that they will share a technical update once they finish an ongoing security analysis.
Though limited in scope, the unauthorized minting has temporarily inflated the circulating supply and prompted increased scrutiny of key management practices within ZKsync’s smart contract deployments.
