Hackers targeting Ethereum scaling protocol ZKsync stole about $5 million of its native ZK crypto because of "a compromised" administrative account that allowed them to take control of unclaimed tokens from a recent airdrop, the project said Tuesday. 

The project’s native ZK token plunged on the news, dropping to nearly $0.04, according to crypto data provider CoinGecko. The token has since recovered slightly, and is now trading for nearly $0.05—an 8% decline over 24 hours. 

ZKsync is one of many “layer-2s”—blockchains that aim to speed up using the Ethereum crypto network. Such networks skirt around using the mainnet to cut costs. 

ZKsync said Tuesday on X: “All user funds are safe and have never been at risk. The ZKsync protocol and ZK token contract remained secure, and no further ZK is at risk.”

It added that hackers were able to mint new ZK tokens by targeting the tech behind the project’s airdrop. In the crypto world, would-be investors that show interest in an upcoming project are gifted tokens in airdrops. 

“This is an isolated incident caused by a compromised key and confined to the ZK Token airdrop contract,” ZKsync added. “The investigation is ongoing, and a detailed update will be shared later today.”

ZKsync did not immediately respond to Decrypt’s questions. 

Hacks in the crypto space are common, especially in the fast-moving world of decentralized applications. Such apps—often built upon Ethereum—use code to automate processes, like borrowing and earning yield with digital coins and tokens. 

Hackers this year have already made away with a fortune after cybercriminals in February stole $1.4 billion from major centralized crypto exchange Bybit—the biggest crypto hack of all time. A large amount of those funds were sold on decentralized exchanges.

In the first two months of 2025, hackers stole nearly $1.6 billion in crypto, according to blockchain security firm Immunefi, which isn’t too far off last year’s total of $2.2 billion. 

Previously, many incidents would involve decentralized protocols, but last year, hackers went after centralized exchanges, too. 

Edited by James Rubin

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。