A Recent Security Breach Has Led to a Significant Drop in the ZK Price

A recent security breach has led to a significant drop in the ZK price, as hackers managed to drain $5 million worth of tokens from a compromised admin account.

A recent security breach on ZKsync, a protocol focusing on rolling up transactions from several chains to reduce gas fees on the L1, has led to a significant drop in the ZK price. Hackers managed to drain $5 million worth of tokens from a compromised admin account, leading to a sharp decline in the value of the ZK token, which had been experiencing positive momentum since its launch in June 2024.

The ZKsync security team confirmed on April 15 that an attacker had gained control of an admin account managing the airdrop contract. The hack involved the creation of roughly 111 million unclaimed ZK tokens, which were then embezzled. The attacker successfully utilized this vulnerability by invoking the sweepUnclaimed() function to create and transfer the unclaimed tokens.

The admin account exploited and controlled the airdrop counter, a contract that distributed ZK tokens to users. The minting transaction added approximately 0.45% of the total ZK token supply to the circulating supply of the tokens. The lost tokens were pegged at about $5 million. The attack only affected the airdrop distribution smart contracts; other contracts within the ZKsync protocol were not impacted.

The ZKsync team reassured users that no user funds were at risk during the attack. The protocol and the ZK token contract remained secure. In a post on X, the security team stated, “All user funds are safe and were never at risk,” adding that “necessary security measures” were being taken. They also emphasized that the incident was isolated and confined to the airdrop contract.

According to the team investigation, the compromised admin account’s address was identified, and the ZKsync team will work with organizations to recover the stolen funds. They also encourage the attacker to contact them for negotiations regarding the return of the stolen tokens. “We are coordinating the recovery efforts with @_seal_org and exchanges,” the team mentioned.

Following the crypto hack, ZK’s price dropped significantly, which is the second of the major crypto crashes witnessed this week. After the announcement, ZK’s price fell by around 20%, likely due to the hacker selling the stolen tokens on the market. By the time of the report, the price had recovered slightly but was still down about 12% from the intra-day high.

This price drop directly responds to the increased circulation of tokens due to the hack. The influx of additional tokens into the market raised concerns among investors, contributing to the decline.

However, the ZKsync team’s assurance that no further vulnerabilities exist has calmed some fears, although the price has not fully recovered.

According to the Zsync team, the investigation into the incident is ongoing. A more detailed update will be shared once the team has completed its findings.

In addition, the ZKsync team is actively working with exchanges to help recover the stolen funds. They have also contacted the attacker to facilitate the return of the stolen tokens, warning that legal consequences could follow if the situation is not resolved.

While the attack’s immediate impact has temporarily dropped the price of ZK tokens, the team remains confident in the overall security of the ZKsync protocol. As the investigation progresses, further updates and details about the incident are expected.