Hacker Mints, Steals $5M ZK Using Admin Key for Old ZKsync Airdrop

• Hackers cornered $5 million in ZK tokens from ZKsync through a compromised admin wallet.
• It targeted unclaimed tokens from the June 2024 airdrop.
• ZKsync is investigating and coordinating recovery with security partners.

ZKsync, an Ethereum Layer-2 scaling protocol, confirmed Tuesday that $5 million worth of ZK tokens were stolen due to a compromised administrator wallet. The breach targeted unclaimed tokens from the June 2024 airdrop distribution contracts.

How Did the Attacker Steal $5M in ZK Airdrop Tokens?

An update shared by the ZKsync protocol reveals that the breach originated from a compromised private key controlling the admin account for three airdrop distribution contracts. 

The attacker used this key to call a function named sweepUnclaimed() and minted approximately 111 million unclaimed ZK tokens directly to the attacker’s wallet, 0xb102…d6a8, which currently holds most of the stolen tokens. 

Related: Facing diminishing returns, ZKsync has decided to discontinue its Ignite DeFi rewards program, effective immediately

Are ZKsync User Funds Safe After the Hack?

ZKsync noted that the incident is isolated to the airdrop distribution cont…

The post Hacker Mints, Steals $5M ZK Using Admin Key for Old ZKsync Airdrop appeared first on Coin Edition.