ZK token crashes after $5m airdrop exploit confirmed by ZKsync

ZKsync confirmed that a compromised admin account drained approximately $5 million worth of ZK tokens from its airdrop contract. The exploit affected only unclaimed tokens and did not compromise user funds or the core protocol, the team said in a statement on X. “This is an isolated incident caused by a compromised key and confined to the ZK Token airdrop contract,” ZKsync’s security team wrote. An investigation is ongoing, and the team has promised a detailed incident report. The exploit triggered a sharp sell-off, with the ZK token price falling between 15-20% around 13:50 UTC. At press time, ZK was down about 11% on the day, according to CoinMarketCap. ZKsync security team has identified a compromised admin account that took control of ~$5M worth of ZK tokens — the remaining unclaimed tokens from the ZKsync airdrop. Necessary security measures are being taken. All user funds are safe and have never been at risk. The ZKsync… — ZKsync (∎, ∆) (@zksync) April 15, 2025 The breach appears to have stemmed from stolen admin credentials tied to the contract managing leftover airdrop allocations. ZKsync emphasized that the protocol itself and the ZK token contract remain secure, and that no additional tokens are at risk. The ZK token launched in June 2024 as part of a long-anticipated airdrop. While the rollout was significant, it also drew criticism over Sybil resistance and perceived inequities in distribution. ZKsync, developed by Matter Labs, has a total supply of 21 billion ZK tokens. You might also like: CleanSpark ends 100% HODL policy, secures $200m from Coinbase Prime

Source: crypto.news