ZK Token Crashes 17% in 30 Minutes as Hacker Gains Control of $5M in Unclaimed ZKSync Airdrop Tokens

The ZK token has crashed 17% within a short timeframe amid a hack event that saw the exploiter gain control of millions in unclaimed ZKSync airdrop tokens.

The ZKSync ecosystem has again found itself in the midst of controversy, this time following a serious security breach that led to a sharp plunge in the price of its native token, ZK. 

ZKSync Suffers Exploit

On-chain activity on April 15 confirmed that an entity successfully minted 110 million ZK tokens earlier today. Of this staggering amount, the individual has already sold 66 million tokens, triggering massive volatility and panic across crypto exchanges.

Notably, the ZKSync security team quickly released a statement on X regarding the development. They acknowledged that an admin account suffered a compromise, granting the attacker access to nearly $5 million worth of unclaimed tokens from the project’s airdrop allocation. 

ZKsync security team has identified a compromised admin account that took control of ~$5M worth of ZK tokens — the remaining unclaimed tokens from the ZKsync airdrop. Necessary security measures are being taken.

All user funds are safe and have never been at risk. The ZKsync…

— ZKsync (∎, ∆) (@zksync) April 15, 2025

The team emphasized that the exploit only impacted the airdrop contract and did not affect the broader ZKSync protocol, the ZK token smart contract, or user wallets. According to them, security teams have already initiated emergency protocols, and a thorough investigation is underway to determine the full scope of the breach.

While the core infrastructure remains intact, the market reaction was immediate. Within a mere 30-minute window, ZK token’s price plummeted from $0.0478 to $0.0396 — a brutal 17% drop that rattled holders and traders alike. 

Although the asset made a partial recovery, rebounding to $0.0441, the market sentiment remains overwhelmingly bearish. In addition, the Relative Volatility Index (RVI), a metric for tracking price turbulence, surged from a low 18.68 to a hyperactive 72.81 within just an hour.

Community Reactions

The recent exploit has only amplified growing discontent among zkSync’s community members, many of whom have been vocal about their frustrations since the controversial airdrop. 

Pseudonymous commentator Hanky Pym criticized the team, likening zkSync’s path to that of Mantra’s OM token, which suffered a catastrophic 98% collapse. He claimed the team misused its substantial funding of around $400 million and slammed them for what he perceives as deceitful behavior. 

Another member of the community highlighted a perceived contradiction in zkSync’s narrative. The user questioned the legitimacy of the hack, suggesting it might be part of a larger trend where projects exploit the “we were hacked” narrative to cover questionable actions.

Meanwhile, Zener, founder of the Web3 infrastructure project Modularity, also weighed in, declaring that zkSync had effectively severed its bond with the community. He argued that the project’s credibility has collapsed.

The once-promising @zksync has officially turned its back on the community — and with that, its relevance ends here. It’s time to return the $ZK ticker to its rightful owner, @PolyhedraZK. Let’s not forget the blatant insult delivered through their insider-driven airdrop. pic.twitter.com/qUBu5cLSNB

— Zener (@zenerbabax) April 15, 2025

ZKSync’s Earlier Controversies 

This incident compounds existing concerns surrounding ZKSync, which has been under scrutiny since its controversial airdrop rollout in June 2024. 

Designed to reward early adopters and ecosystem participants, the airdrop allocated 3.675 billion ZK tokens, 17.5% of the total 21 billion supply, to 695,232 wallet addresses. This selection represented only about 10% of all active wallets on the network.

Notably, the distribution process faced intense criticism. One of the major points was the uneven allocation of tokens. While eligible wallets received anywhere between 450 and 100,000 ZK tokens, more than half of the entire airdrop ended up in the hands of less than 1% of participants. 

The situation was further exacerbated by apparent vulnerabilities in Sybil attack prevention. Several users manipulated the eligibility system using multiple wallets, effectively gaming the airdrop. Notably, one individual reportedly secured over 3 million ZK tokens through 85 separate wallets.