A security breach involving ZKsync’s administrative account has led to the theft of approximately $5 million worth of ZK tokens, according to the project’s official statement. This incident impacted the price of ZK tokens, which saw a temporary 17% decrease before partially recovering. While user funds remain unaffected, the security team confirmed that no other assets have been compromised. The researchers discovered that an attacker gained access to the administrative account responsible for three contracts distributing airdrop tokens. These contracts were responsible for increasing the circulating supply of ZK tokens by approximately 0.45%. Despite this incident, the project assures users that their tokens remain secure and are unaffected, and they have no plans to exploit the vulnerability again. The project has reached out to security experts and encourages the attacker to return the stolen funds to avoid legal repercussions. Further investigation is ongoing through collaboration with experts from the Security Alliance. ZKsync’s 3.6 billion token airdrop was initiated to incentivize early adopters of its network, a strategy that involved distributing tokens based on user activity. Users were given access to claim their tokens until January 2025 and those who interacted with smart contracts in ZKsync Era, contributed liquidity, traded ERC-20 tokens, or were active in the ZKsync Lite protocol received a portion of the distributed tokens. Notably, 89% of the tokens were allocated to users who participated in ZKsync’s ecosystem, while 11% was distributed among developers and community members. Following this incident, ZKsync has also reduced its developer workforce by 16%, reflecting the company’s adaptation to evolving project needs.