zkSync, an Ethereum Layer 2 network with over $500 million in total value locked (TVL), has confirmed a security breach resulting in the theft of $5 million in ZK tokens.
The incident was caused by the compromise of an admin wallet. Despite the loss, the zkSync team has assured users that their personal funds are unaffected and remain completely safe.
Tokens Stolen Were From Unclaimed Airdrop Pool
The stolen assets came from a reserve of unclaimed tokens related to the recent zkSync airdrop. These tokens were not part of any user wallet, but instead held in a wallet controlled by the zkSync team. According to an official statement posted on X, the team said, “Necessary security measures are being taken,” and emphasized that the protocol itself has not been breached.
The team is currently investigating the attack while also reinforcing its internal security systems to avoid similar issues in the future.
ZK Token Price Sees a Dip
Following the news of the hack, the price of the ZK token dropped by around 10%, according to data from CoinGecko. Although the breach did not impact the ZK token contract or user wallets, the market reaction reflected general concerns in the crypto space around platform security.
The zkSync team has made it clear that the protocol’s core infrastructure and smart contracts remain intact, and no user accounts or funds were involved in the breach.
Security Concerns Grow in 2025 Crypto Landscape
This incident adds to a growing list of security challenges facing the crypto industry in 2025. In just the first quarter of the year, total losses from cryptocurrency-related hacks and thefts have surpassed $1.77 billion, according to a report by Finbold. A large portion of that figure was tied to a major exploit involving a Bybit wallet.