A $5 million crypto heist rocked the ZKsync ecosystem after an attacker breached an admin wallet tied to airdrop contracts. The April 15, 2025 attack saw hackers exploit contract functions to mint a whopping 111 million ZK tokens – because apparently, some people just can’t resist pushing that “mint” button when it’s not theirs to push.
The fallout was swift and predictable. ZK token prices nosedived 14% in 24 hours, while trading volume shot up 96% to $71 million as panic spread through the market. The attacker, clearly not one to hodl, quickly swapped $3.5 million worth of tokens to Ethereum. Talk about a quick flip.
Market mayhem ensued as hackers dumped millions in stolen ZK tokens, sending prices plummeting while traders scrambled in the chaos.
Here’s the silver lining, if you can call it that: The core protocol remained untouched. No user funds were compromised, and the mainnet kept humming along like nothing happened. The breach was isolated to airdrop distribution contracts, but that’s cold comfort for participants who watched their promised tokens vanish into a hacker’s wallet.
The attack itself was brutally simple. After compromising the admin wallet’s private keys, the attacker executed the sweepUnclaimed() function – a move that probably had developers slapping their foreheads in frustration. Three smart contracts were manipulated in what amounts to a masterclass in “why centralized control is problematic.”
ZKsync’s team jumped into crisis mode, coordinating with exchanges and blockchain security firm SEAL 911 to track the stolen assets. They even tried the old “pretty please give it back” approach, warning of legal consequences if the attacker didn’t play nice.
The incident left the crypto community shaken, with investor confidence taking a hit and skepticism around airdrops reaching new heights. While only 0.45% of the total ZK token supply was affected, the breach served as a stark reminder: In crypto, administrative privileges are like dynamite – powerful but potentially explosive when mishandled. Like many DeFi smart contracts, this incident highlighted the critical vulnerability of code-based systems that can be exploited by determined hackers.
