🚨ZKsync Airdrop Exploit: Key Details & Timeline
#Zksync suffered a $5M exploit via a compromised admin key tied to its airdrop contracts.
No user funds were affected, but the attacker minted 111M unclaimed ZK tokens (~0.45% of the total supply).

Here’s a breakdown of what happened👇

1️⃣Attack Vector

🔐An admin wallet controlling 3 airdrop contracts was compromised.

📥The attacker triggered sweepUnclaimed() to mint 111M ZK tokens originally reserved for the airdrop.

2️⃣Execution
🔗Contract exploited: Airdrop distribution

🧧Compromised address: 0x842822c797049269A3c29464221995C56da5587D

📦Mint tx: https://era.zksync.network/tx/0x14b120ff26e8d678fdaa26eef81cf166cb8bc1a20e9bdef6a02fd2af2ee0071e…

🎯Inflated token supply by ~0.45%

3️⃣Impact

💸~$5M in $ZK tokens stolen

📉Price dropped 16% from $0.05 → $0.042 (currently at $0.047)

📊Airdrop supply affected only — protocol, token contract, and user funds remain untouched

4️⃣Response & Mitigation

🛡️Incident contained, no further minting possible

🤝Working with @_seal_org & exchanges

📨Attacker urged to return funds via [email protected]

🧵Full post-mortem pending

5️⃣Current Status

🔍Attacker wallet: 0xb1027ED67f89c9F588E097f70807163feC1005d3 still holds a majority of stolen tokens

🧠Investigation ongoing

🔒Core contracts secure

This incident highlights risks even in isolated token distribution mechanisms — secure your keys🗝️#CryptoHack