On May 13th, 2025, There Was a Major Security Breach That Occurred in the Ethereum Layer-2 Scaling Solution ZKsync

On May 13th of May 2025, there was a major security breach that occurred in the Ethereum layer-2 scaling solution ZKsync. The official X accounts of ZKsync and its developer, Matter Labs, were hacked

May 13th of May 2025 saw a major security breach in the Ethereum layer-2 scaling solution ZKsync. The official X accounts of ZKsync and its developer, Matter Labs, were hacked, leading to fake information about an investigation by the U.S. Securities and Exchange Commission (SEC).

The incident unfolded in the early hours of the day as hackers gained control of the X accounts to post misleading remarks. A false report claimed that the SEC was investigating ZKsync and that the U.S. Department of the Treasury might be sanctioning it.

Coming very quickly after the post, the Developers team of ZKsync issued a warning on their official X account at 00:26 UTC. They notified the users of the breach and said that both accounts were not safe. The team recommended that the community desist from interacting with any post or links from the compromised accounts until they solved the problem. They assured the community they would provide an update after recovering the accounts.

Hackers Target ZK Token Price

The fake rumor of an SEC investigation appeared to be a move to play with the market. According to data from CoinMarketCap, the price of the ZK token dropped by about 2% in an hour after the fraudulent posts began.

The hackers also included links to a fake airdrop in their posts, which investigators discovered to be a phishing scam designed to steal user information.

This marks the second time in less than a month that ZKsync has been hit by a major security compromise. A hack of the network’s wallet in April 2025 led to the theft of ZK tokens worth a total of five million dollars for the company. The constant violations have raised concerns about the security measures adopted by the platform.

After some time had passed, the team from Matter Labs revealed that hackers most likely breached the X account through compromised delegated accounts. These accounts grant limited access to post on behalf of the main account, allowing the hackers to post without directly hacking the main account. The company is investigating the actual cause of the incident to ensure it does not happen again.

Community Response and Platform Challenges

The ZKsync community has been complaining about the frequent security issues. The platform, which leverages the use of the zero-knowledge proofs technique to improve the scalability of Ethereum, has faced criticism for its management of past events. The April breach, for example, caused a 19% decrease in the price of the ZK token, ultimately ending the day with a 5% loss.

The SEC has been known to investigate cryptocurrency platforms in the past, usually resulting in public disclosures by the affected firms. However, the claim posted by the hackers was completely fabricated without any evidence of an actual investigation. Similarly, the U.S. Treasury Department had no record of sanctioning ZKsync.

The ZKsync team is still working to recover the compromised accounts. They have reiterated their interest in securing the users and urged the community to remain vigilant against phishing attacks and false announcements.