ZKsync Security Breach: 111 Million Tokens Illegally Minted

2 mins mins

Key Points:

ZKsync security breach mints 111 million tokens, affecting airdrop contracts.
$5 million in ZK tokens illegally minted.
Protocol remains secure; recovery efforts are ongoing.

ZKsync reported a security breach on April 15, 2025, leading to the illegal minting of 111 million ZK tokens from its airdrop contracts.

This breach in the ZKsync protocol had significant repercussions, although the core protocol and user funds were reportedly unaffected.

111 Million Tokens Minted in Airdrop Security Breach

ZKsync’s airdrop distribution contracts suffered a security breach involving a compromised admin key that allowed an attacker to mint approximately 111 million ZK tokens. According to Coincu’s research, this equated to about 0.45% of the total token supply, with the breach isolated to the airdrop distribution, sparing the core protocol, token contracts, and governance structures. At the incident’s core, a compromised key in the hands of an attacker allowed unauthorized minting from unclaimed airdrop allocations, reportedly valued at approximately $5 million.

Following the breach, ZKsync, working with SEAL 911 and cryptocurrency exchanges, outlined recovery measures and potential preventative strategies. Despite the isolated incident affecting only the airdrop contracts, trust within the community experienced fluctuations alongside morale concerns. The ZK token price saw a 15-20% decline, temporarily affecting the market dynamics and contributing to heightened caution among investors.

Market reactions included heightened scrutiny, especially regarding admin rights, with users criticizing perceived weaknesses in operational security and asset management. ZKsync’s CEO, Alex Gluchowski, emphasized the integrity of the protocol, reiterating that user funds were secure. While stressing ongoing transparency, he assured stakeholders that efforts for recovery and security enhancements are in motion, stating:

While the situation is unfortunate, it is important to note that the ZKsync protocol remains unaffected. The investigation is ongoing, and we remain committed to transparency throughout this process.

Price and Security Protocols Under Global Examination After Breach

Did you know? In 2021, Poly Network was similarly breached, with over $600 million stolen in a major exploit, underscoring ongoing challenges in cryptocurrency security.

According to CoinMarketCap, the ZKsync (ZK) token currently trades at $0.05 with a market cap of $173,161,386, reflecting a 24-hour trading volume surge of 219.72%, reaching $102,094,471. The widespread market volatility caused significant price declines, underscoring stakeholder concerns.

zksync-daily-chart-2 — ZKsync(ZK), daily chart, screenshot on CoinMarketCap at 21:38 UTC on April 15, 2025. *Source: CoinMarketCap*

Coincu’s research team predicts increased regulatory discussions surrounding Layer-2 security protocols. ZachXBT’s insights reinforce the need for enhanced security measures to address potential vulnerabilities, reinforcing the need for improved protocol governance practices.