An admin account exploited 111 million ZK tokens, resulting in a massive $5M hack that woke up the crypto community this week. While ZKsync assures users their funds are safe, the incident has reignited concerns about the platform’s security and reliability.

How ZKsync Lost $5M in a Flash?

The breach was as swift as it was devastating. ZKsync’s security team revealed that an admin account, tied to three airdrop distribution contracts, was compromised. Address 0x842822c797049269A3c29464221995C56da5587D was considered the attacker, exploiting the sweepUnclaimed() function to mint 111 million ZK tokens—worth $5M—straight from the airdrop reserve.

Source: X

This incident, though isolated to the airdrop contracts, inflated the token supply by 0.45%, causing a 15-20% price drop in ZK within hours. While the core protocol and user funds remained untouched, the attacker still holds most of the stolen funds, prompting ZKsync to coordinate recovery efforts with Security Alliance and exchanges.

Source: TradingView

The community, however, isn’t buying the “isolated incident” narrative, with many questioning the platform’s security practices and transparency.

“Most Funded Layer-2” Title: Does ZKsync’s Performance Match the Hype?

ZKsync: A Layer-2 Giant in Theory

ZKsync actively leads Ethereum’s layer-2 ecosystem, utilizing zero-knowledge rollups to deliver low-cost, high-speed transactions while adopting Ethereum’s robust security. Since its inception, ZKsync has attracted significant funding, positioning itself as a go-to scaling solution for DeFi platforms, NFT marketplaces, and more. Its promise of scalability and interoperability has made it a darling of investors, with millions poured into its development. But recent events have cast a shadow over its reputation, raising the question: is ZKsync living up to its “most funded layer-2” title?

The Airdrop Fiasco: Community Backlash and Broken Trust

ZKsync’s troubles didn’t start with this hack. The project’s token airdrop, launched in June 2024, faced fierce criticism for its “unfair” distribution. Only 17.5% of the 21 billion token supply was allocated to early users, while 33.3% went to the team and investors.

ZKsync Tokenomics – Source: Cryptorank

Community members, expecting a more equitable share, accused ZKsync of favoring insiders. Additionally, others complained about the blurred conditions from ZKsync for eligible airdrops, while their volume and transaction history all met the criteria. The lack of anti-Sybil filtering allowed “farmers” to game the system, further fueling outrage. Projects like zkApes and Element NFT even formed coalitions to demand better token allocation, but ZKsync’s response fell short, leaving many users disillusioned long before this latest hack.

ZKsync’s Performance: TVL and Token Price in Freefall

The fallout from the hack has only worsened ZKsync’s already shaky performance. According to DeFiLlama, ZKsync’s total value locked (TVL) plummeted to $128M following the airdrop controversy in 2024, down from a peak of $196.55M in July 2023.

Source: DefilLama

Recently, ZKsync canceled its Ignite program, which significantly reduced the potential and motivation for ZKsync’s developers. The recent hack exacerbated this decline, with users pulling funds amid fears of further vulnerabilities. The ZK token hasn’t fared much better—after the breach, its price dropped 15-20%, falling to $0.040 before a slight recovery to $0.047. Compared to competitors like Polyhedra, which now boasts twice ZKsync’s fully diluted valuation (FDV), ZKsync’s market dominance is waning.

Once a prominent player in the layer-2 space, ZKsync now confronts the challenging task of regaining trust and stabilizing its ecosystem.

Read more: ZKsync Canceled Ignite Program

Final Thoughts: Can ZKsync Bounce Back?

This week started with a series of crypto breaches, from Mantra rug pull and KiloEx Vault being attacked to the ZKsync hack. It is a stark reminder of the vulnerabilities even the most hyped projects face in the crypto world.

ZKsync’s inability to secure its admin keys, coupled with ongoing community discontent, paints a troubling picture for its future. While the team is taking steps to recover the stolen funds and bolster security, the damage to its reputation may be harder to repair. For now, the title of “most funded layer-2” for ZKsync feels more like a hollow crown than a mark of honor. Will it rise from the ashes or become another cautionary tale in the volatile world of crypto? Only time will tell.

The post Terrible Start of Week: ZKsync Faces Devastating Hack appeared first on NFT Evening.