ZKSync's $5M loss results from a compromised airdrop contract, not the main protocol.
ZK token drops 15% as panic sales trigger a sharp price decline.
ZKSync assures users that their funds remain secure, and necessary measures are being taken.
This week, ZKSync underwent an extensive security breach of its Layer-2 scaling solution for Ethereum. An attacker utilized a compromised administration wallet associated with the airdrop contract to steal $5 million worth of ZK tokens. The ZK token value suffered a major loss when the breach occurred, leading to a 15% decrease in hours. According to ZKSync team representatives, the breach left the core protocol and all user funds completely unaffected.
Details of the Breach Revealed
On Tuesday, ZKSync announced that its admin wallet associated with the airdrop contract had been hacked. There was a series of dumps of the wallet received by a hacker which contains the unclaimed amount from the ZK tokens that was done in relation to the airdrop campaigns of the project.
https://twitter.com/zksync/status/1912141160744632737
As for the tokens that have been stolen, these were the tokens that had not been claimed from the airdrop by any user with an active account in the new exchange. Within a very short time, ZKSync posted that this was a very specific airdrop contract issue and not the main protocol or the ZK token contract.
The breach triggered a wave of panic among investors, leading to a sharp sell-off. This market reaction was a significant factor in the 15% drop in ZK token value, which fell from $0.047 to under $0.04 within an hour. Despite the drop in token price, trading volume surged by 96%, reaching $71 million in the same period.
Security Response and User Assurance
ZKSync's team acted swiftly, assuring the public that user funds were safe. They confirmed that the exploit was contained within the airdrop contract and that the breach had not extended to any other parts of the platform. The team emphasized that the incident did not affect the ZK token’s main contract or the broader ZKSync network.
ZKSync team also stated that they were investigating the situation internally and will add more information in the future. However, they claimed that, necessary security measures are being taken to ensure that the incidents do not recur in the future. Although the breach covered only several users, the measures taken by the team were adequate enough to restore the users’ trust in the security of their accounts.
Broader Market Impact Following the Hack
This breach is not the first instance of sudden price drops in the cryptocurrency market. Recently, other tokens like Story Protocol’s IP token and MANTRA’s OM token also experienced significant declines. Story Protocol’s IP token dropped over 20% in a single day, while OM saw a drastic 90% drop, losing billions in market value.
ZKSync’s situation mirrors these incidents, where a rapid sell-off occurred in response to the security breach. While the ZKSync team has indicated that the situation has been contained, the market’s reaction has still raised concerns about the vulnerability of Layer-2 platforms and their airdrop mechanisms.
