ZKsync Hack Exposes $5M Flaw in Token Distribution

• ZKsync confirmed a compromised admin account exploited to mint 111M ZK tokens.
• The breach triggered criticism, raising concerns about project direction and security.

ZKsync is back in the spotlight, and this time it’s not because of its technological innovation. The team confirmed that one of its internal admin accounts was hacked. The result? Over $5 million in ZK tokens were transferred to a wallet that should have had no access to it.

The incident occurred through an exploit of the “sweepUnclaimed()” function in the airdrop contract, which was supposed to be used only to distribute unclaimed tokens. However, the leaked admin access allowed the attacker to unilaterally mint over 111 million ZK tokens.

🚨JUST IN: ZKSYNC TEAM IDENTIFIES COMPROMISED ADMIN ACCOUNT THAT “TOOK CONTROL OF ~ $5M WORTH OF ZKSYNC TOKENS.”

— BSCN Headlines (@BSCNheadlines) April 15, 2025

According to the ZKsync team, the vulnerability was limited to the distribution contract, and did not affect user funds or the core protocol. However, the incident immediately lowered public confidence. The price of the ZK token took a hit, and the community backlash was fierce. Some even called the incident a failure in security management that should have been a priority from the start.

ZKsync’s Tech Appeal Isn’t Completely Fading

On the other hand, the CNF previously reported that the ZKsync team had discontinued Ignite Season 2—an incentive program originally designed to encourage liquidity provision. The reasons are quite reasonable: the crypto market is under pressure, and the ZK token itself has plunged more than 35% in the past month.

Not only that, the total value locked (TVL) on their network has also plummeted, dropping almost 50% since the end of January. The combination of the hack and the performance slowdown has many users starting to wonder: where is this project really headed?

At first glance, this is indeed an unfortunate situation. But interestingly, this does not mean that ZKsync has been completely abandoned. In fact, amid the storm, there are several things that still show that their technology has not lost its appeal—especially in the eyes of large institutions.

Real-World Use Cases Keep the Vision Alive

On January 31, Swiss bank UBS completed a UBS Key4 Gold trial on the ZKsync network. This program allows their clients to buy claims on physical gold directly, while maintaining privacy. This means that even though the project is shaky in the eyes of the crypto public, big players are still using its technology for large-scale experiments.

Furthermore, in March, Lagrange’s company partnered with Matter Labs, the party behind ZKsync. They agreed to shift up to 75% of proof requests to Lagrange’s decentralized network. The goal? Lower costs, increase capacity, and reduce reliance on centralized solutions.

However, that’s not all. A report from GBA Global on March 26 also showed that ZKsync Era is still a major liquidity hub on the Elastic network. With a bridge TVL of over $795 million and DeFi TVL reaching $430 million, the project is apparently still attracting attention from Sygnum Bank, Deutsche Bank, and of course, UBS.

Meanwhile, as of press time, ZK is swapped hands at about $0.04669, down 4.50% over the last 24 hours and 8.25% over the last 7 days.