While Layer-2 platforms are striving to scale Ethereum by optimizing costs and increasing transaction speeds, ZKsync – one of the most anticipated projects – has just faced a serious attack causing losses of around $5 million, stemming from a security flaw in the airdrop contract.
Although the project claims all user funds are still safe, this incident once again raises questions about the reliability of Layer-2 scaling solutions, especially in the context of rapidly increasing hacks in crypto in 2025.
Vulnerability in Airdrop Contract: Hackers "minted" $5 million
ZKsync confirmed on Tuesday that a compromised admin account gave hackers control over the ZK tokens not yet claimed by users after the recent airdrop. Total losses are recorded at about $5 million, primarily in ZK tokens stolen through invalid minting.
Notably, the main ZK Token contract and the ZKsync protocol remain secure and unaffected by this incident. The project team asserts that this is an isolated incident, limited to the contract related to the airdrop program.
"All user assets remain safe and have never been threatened," a ZKsync representative wrote on X. "There are no risks to circulating ZK tokens outside the scope of the airdrop contract."
ZK Token plummets due to panic
Immediately after news of the hack spread, the ZK token price plummeted to nearly $0.04, according to data from CoinGecko. Although it later recovered slightly to around $0.05, this level still reflects an 8% decline within 24 hours, indicating the community's skepticism regarding the security of the ZKsync ecosystem.
Airdrop: A double-edged sword?
An airdrop is a popular token distribution method in the crypto world, used to attract early users and build community for new projects. However, this incident shows that if the technical aspects are not securely protected, airdrops can become critical weaknesses.
The ability of hackers to mint ZK tokens from the airdrop contract indicates that the admin key in the system has been compromised or manipulated. This raises a significant question: is there too much power concentrated in a small development group within current decentralized projects?
Not the only hack of the year
According to a report from the blockchain security company Immunefi, in just the first two months of 2025, nearly $1.6 billion in cryptocurrency has been stolen – a figure approaching the total losses for the entire year of 2024 ($2.2 billion). Among them, the $1.4 billion hack at a major centralized exchange in February remains the largest incident in the history of the crypto industry to date.
Notably, the trend of attacks is shifting from decentralized protocols to centralized platforms, indicating that hackers are targeting both systems and individuals – from smart contract flaws to seizing access to admin accounts as in the case of ZKsync.
Users and investors should exercise caution
Although ZKsync has quickly asserted that the core system remains safe, this incident once again raises alarm bells for investors, especially users participating in Layer-2 ecosystems such as ZKsync, Arbitrum, or Optimism.
If you are a Binance user or interested in the Ethereum ecosystem, please:
Exercise caution when interacting with airdrop contracts or externally connected wallets.
Do not store large amounts of assets long-term on an unproven platform.
Closely monitor announcements from the project to stay informed about remediation efforts and the possibility of token refunds (if any).
Conclusion
Although the ZKsync hack did not directly affect users, the vulnerability in the token distribution process is a costly lesson for the entire industry. As more Layer-2 platforms are launched and rapidly developed, security will be the biggest barrier to overcome to ensure user trust.
⚠️ Risk warning
The cryptocurrency market always poses high risks, especially in new protocols and activities like airdrops, farming, staking... Incidents like the ZKsync hack can occur at any time. Invest cautiously, allocate capital wisely, and always stay updated with information from official sources before making decisions.