ZKsync reported a breach involving an admin account that resulted in the theft of approximately 111 million ZK tokens, valued at about $5 million. The incident arose due to an attacker minting unclaimed tokens from ZKsync's 2024 airdrop. The team clarified that an operator key was compromised, but no code was breached and all user funds remain secure. The attacker then moved over 1,000 ETH, totaling a wallet worth over $5.5 million across ZKsync’s chain and Ethereum's mainnet. The investigation is ongoing, and the identity of the perpetrator is still unknown. Following the breach, the price of ZK tokens dropped sharply but experienced a slight rebound shortly after news of the incident broke. Speculations arose on social media about the potential for an inside job, while general concerns about the integrity of the ZK token were raised. ZKsync's co-inventor emphasized the importance of their ongoing recovery efforts and investigation into the incident.

Source 🔗