On April 15th, the team behind Ethereum’s Layer-2 scaling solution, ZKsync, discovered a compromised admin account that led to the theft of $5 million worth of ZK tokens. This theft involved unclaimed tokens from the ZKsync airdrop, which were meant to be distributed to early users. The team assures users their funds are secure and no further loss is expected. The incident stems from a compromised key used by the admin account, which was solely focused on the airdrop distribution contracts. 2.1 million USD worth of ZK tokens remain in the attacker’s possession as well. 0.45% of the total ZK token supply was affected by this action. The ZKsync team is actively investigating the incident and will release a full update once the investigation and recovery efforts are complete.