ZKsync Hit by Admin Hack, Attacker Mints 111 Million Extra Tokens

The breach was confirmed through ZKsync’s official account on X, which stated that this was an isolated event and no user wallets were affected.

ZKsync is a tool built on Ethereum ETH $1,699.03 that helps speed up transactions by grouping them together and confirming them at once. The platform had been running an airdrop to give out 17.5% of its total ZK token supply to supporters of the project.

Did you know?

Want to get smarter & wealthier with crypto?

Subscribe - We publish new crypto explainer videos every week!

What is Yield Farming in Crypto? (Animated Explanation)

SUBSCRIBE

ON YOUTUBE

According to an updated post on X, the attacker used access to three airdrop-related contracts and triggered a feature called "sweepUnclaimed()". This function was meant to handle leftover tokens from the ongoing airdrop.

The attacker created 111 million extra ZK tokens, which increased the total supply by around 0.45%. Most of those tokens still remain in the attacker’s wallet.

ZKsync says its main contracts, including those controlling token rules and community governance, were not affected. The platform has also said that the exploited method cannot be used again.

To address the situation, ZKsync is working with a cybersecurity group called the Security Alliance (SEAL) to try to recover the stolen funds.

KiloEX, a decentralized exchange (DEX), recently paused all trading after a $7.5 million security breach. How did the attacker pull it off? Read the full story.