ZKsync Loses $5M in Isolated Admin Account Compromise

ZKsync, an Ethereum layer-2 scaling solution, has experienced a significant security breach that has resulted in the loss of approximately $5 million worth of its native token. The project security team disclosed this exploit in a Tuesday post on X. They emphasized that the stolen funds were the remaining unclaimed tokens from its airdrop.

This airdrop debuted last year with a total supply of 21 billion. While the rollout was significant, it also drew criticism due to perceptions of unfair token distribution and the team’s failure to filter out Sybil farmers.

What Happened?

The security team said the stolen funds were drained from a compromised admin account that managed the airdrop contract. The attacker reportedly gained control of the remaining unclaimed tokens from the ZKsync airdrop.

“Necessary security measures are being taken. All user funds are safe and have never been at risk. The ZKsync protocol and ZK token contract remained secure, and no further ZK is at risk,” the team stated.

Furthermore, the team asserted that the incident was isolated and did not affect the main protocol or ZK token contract. All user funds remain secure, and no additional tokens are at risk. ZKsync has initiated an internal investigation and announced plans to provide a full update later.

While this security breach is reportedly limited to ZKsync’s airdrop reserve, the incident possibly triggered the sharp decline in the asset’s market value. According to CoinGecko data, the token registered a 10.9% price drop in the last 24 hours.

Rising Crypto Hacks

ZKsync’s recent security breach added to the list of malicious attacks that have occurred this year in the crypto space. The Bybit hack, still relatively fresh in the industry’s memory, wiped out a whopping $1.4 billion. Last month, the decentralized perpetual exchange GMX suffered a loss of approximately 6,260 ETH (worth about $13 million).

Earlier today, the decentralization exchange KiloEx lost $7 million after hackers exploited a vulnerability in the platform’s price Oracle access control. With over $2 billion lost in hacks so far in 2025, the pressure on platforms to boost security has increased tremendously. 

The post ZKsync Loses $5M in Isolated Admin Account Compromise appeared first on Cointab.