Hacker mints $5M in ZK tokens after compromising ZKsync admin account
The attacker exploited an admin account tied to ZKsync’s airdrop contracts, minting 111 million unclaimed tokens worth $5 million.
A hacker compromised a ZKsync admin account on April 15, minting $5 million worth of unclaimed airdrop tokens, according to a statement from the official ZKsync X account. The attack was described as isolated, with no user funds affected.
Following an investigation, ZKsync detailed the incident on April 15, disclosing that the compromised account had administrative control over three airdrop distribution contracts. The attacker exploited a function called sweepUnclaimed() to mint 111 million unclaimed ZK tokens, increasing the total token supply by 0.45%. As of the latest update, the attacker still held control of most of the stolen funds.
Source: ZKsync
English
Spanish
French
German
Arabic
Chinese (Simplified)
Russian
Portuguese
Indonesian
Dutch
Afrikaans
Italian
Vietnamese
Bulgarian
Croatian
Danish
Greek
Hebrew
Hindi
Hungarian
Irish
Japanese
Korean
Norwegian
Persian
Polish
Romanian
Somali
Swedish
Thai