On April 15, 2025, ZKsync confirmed that $5 million worth of ZK tokens were stolen after an admin wallet linked to the project’s airdrop contracts was compromised.
On April 15, 2025, ZKsync confirmed that $5 million worth of ZK tokens were stolen after an admin wallet linked to the project’s airdrop contracts was compromised. The breach allowed the attacker to mint approximately 111 million unclaimed tokens using the sweepUnclaimed() function. The compromised wallet was identified as 0x842822c797049269A3c29464221995C56da5587D.
According to the project, the incident was triggered by a compromised key and was limited to three airdrop distribution contracts. All tokens that could be accessed using this method have already been minted, and no further exploitation of this kind is possible.
The price of the ZK token dropped sharply following the breach. At around 1:50 p.m. UTC, the token fell by 20%, with the decline likely triggered by the sale of the stolen tokens. By the end of the day, ZK was down approximately 15%, according to The Block’s price tracking. CoinDesk reported a 13.7% decrease over the last 24 hours, along with a 96% increase in trading volume, reaching $71 million.
ZKsync stated that the protocol itself, the ZK token contract, all governance contracts, and the capped token program minters were not affected by the attack. The company emphasized that user funds were never at risk and that the problem was isolated to the airdrop reserves. The team posted on X that necessary security measures have been taken and that they are working on an internal investigation. A full incident report will be released after the investigation is complete.
The attacker has been urged to contact ZKsync at security@zksync.io to discuss the possibility of returning the stolen funds. ZKsync warned that failing to do so could result in legal consequences. In the meantime, the project is coordinating recovery efforts with Security Alliance and several exchanges.
The community response has been critical. Several users on social media expressed frustration and accused ZKsync of mismanagement. “The same tokens you all couldn’t give the community… A good way to exit, though… just sell and move on,” one reply said. Another user asked why these types of incidents never seem to affect team salaries but always involve community-distributed tokens.
ZKsync’s airdrop, launched in June 2024 with a total supply of 21 billion tokens, had already faced backlash over distribution issues and the failure to filter out Sybil attacks. This latest incident has further intensified scrutiny over the project’s handling of token distribution and security.
This article contains links to third-party websites or other content for information purposes only (“Third-Party Sites”). The Third-Party Sites are not under the control of CoinMarketCap, and CoinMarketCap is not responsible for the content of any Third-Party Site, including without limitation any link contained in a Third-Party Site, or any changes or updates to a Third-Party Site. CoinMarketCap is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement, approval or recommendation by CoinMarketCap of the site or any association with its operators.
This article is intended to be used and must be used for informational purposes only. It is important to do your own research and analysis before making any material decisions related to any of the products or services described. This article is not intended as, and shall not be construed as, financial advice.
The views and opinions expressed in this article are the author’s [company’s] own and do not necessarily reflect those of CoinMarketCap.
