ZKsync Hit by $5M Exploit as ZK Tokens Vanish in Layer-2 Breach
ZKsync, a layer 2 solution for Ethereum, has fallen victim to a major exploit, leading to the theft of $5 million in ZK tokens.
The ZKsync security team discovered an infiltrated admin account that seized control of approximately $5M worth of ZK tokens – the surplus unclaimed tokens from the ZKsync airdrop.
A post on the social media platform X confirmed that the breach focused on the platform’s smart contract framework. The security team reported that the hackers pilfered the assets from a breached administrator account that oversaw the airdrop contract. The assailant gained access to the residual unclaimed tokens from the ZKsync airdrop.
According to reports, the breach occurred through a complex vulnerability in ZKsync’s zero-knowledge proof system, which permitted the attacker to siphon funds from several wallets. Firms specializing in blockchain security are probing the situation.
“Necessary security measures are being taken. All user funds are safe and have never been at risk. The ZKsync protocol and ZK token contract remained secure, and no further ZK is at risk,” the team stated.
Additionally, the team confirmed that the event was singular and did not impact the core protocol or ZK token contract. All user assets remain protected, and the incident did not affect any token. ZKsync launched an internal inquiry and announced intentions to issue a comprehensive update in the near future.
Escalating Crypto Breaches
The cryptocurrency sector continues to confront assaults from nefarious hackers. ZKsync’s recent security lapse is another one on the growing list, alongside incidents like the Bybit breach, which, still vivid in the industry’s recollection, resulted in a nearly $1.5 billion loss. This week, the decentralized exchange KiloEx suffered a loss exceeding $7 million due to hackers taking advantage of a flaw in the platform’s price Oracle access controls.
ZachXBT, a well-known blockchain investigator, indicated that comprehensive government regulations may be essential to curb the continuously changing threats posed by crypto hackers. In a Telegram message on Tuesday, March 18, the crypto sleuth described the nearly $1.5 billion Bybit breach as “eye-opening,” warning that the industry’s security problems might not improve without government regulations that could “hurt our entire industry.”
Impact of the heist on ZKsync.
Although this security incident is confined to ZKsync’s airdrop cache, it may be behind the significant fall in the asset’s market worth. According to CoinGecko statistics, the token experienced a 3.03% decline in price over the past day as of this incident.
