zkSync Confirms Security Breach Resulting in the Theft of $5 Million in ZK Tokens

zkSync, an Ethereum Layer 2 network with over $500 million in total value locked (TVL), has confirmed a security breach resulting in the theft of $5 million in ZK tokens.

ZkSync, a popular Ethereum Layer 2 network known for its advanced privacy features and the recent buzz surrounding its airdrop, has confirmed a security breach. The incident, which occurred on Thursday, May 14, resulted in the theft of $5 million in ZK tokens, according to the latest data from CoinGecko.

The breach was caused by the compromise of an admin wallet, which was used to steal tokens that were intended for unclaimed airdrop claims. The team has assured users that no personal funds were affected and remain completely safe.

“We can confirm that an admin wallet used for unclaimed airdrop tokens has been compromised, and as a result, a small portion of ZK tokens were stolen,” the zkSync team said in a statement posted on X.

“This did not affect the ZK token contract or any user wallets. The protocol itself is not breached, and all user funds are safe.”

The team is currently investigating the attack while also reinforcing its internal security systems to avoid similar issues in the future.

“Necessary security measures are being taken. We will provide updates on the investigation and any relevant information.”

Following the news of the hack, the price of the ZK token dropped by around 10%. However, despite the breach, zkSync’s TVL on Thursday remained above $500 million, according to DeFiLlama data.

The incident highlights the ongoing challenges faced by the crypto industry in 2025 with regards to security. In just the first quarter of the year, total losses from cryptocurrency-related hacks and thefts have surpassed $1.77 billion, as reported by Finbold. A significant portion of that figure was tied to a major exploit involving a Bybit wallet, which led to the theft of over $1 billion in crypto assets.

These figures underscore the urgent need for robust security measures and cooperation between industry stakeholders to mitigate the threat of cybercrime in the rapidly evolving crypto ecosystem.output: zkSync, an Ethereum Layer 2 network with over $500 million in total value locked (TVL), has confirmed a security breach resulting in the theft of $5 million in ZK tokens. The incident was caused by the compromise of an admin wallet, and no personal funds were affected.

zkSync Confirms Hack, $5 Million in ZK Tokens Stolen

The stolen assets came from a reserve of unclaimed tokens related to the recent zkSync airdrop. These tokens were not part of any user wallet, but instead held in a wallet controlled by the zkSync team. According to an official statement posted by the team on X, "This did not affect the ZK token contract or any user wallets. The protocol itself is not breached, and all user funds are safe."

The team is currently investigating the attack while also reinforcing its internal security systems to avoid similar issues in the future. "Necessary security measures are being taken. We will provide updates on the investigation and any relevant information."

The zkSync team also emphasized that the protocol’s core infrastructure and smart contracts remain intact, and no user accounts or funds were involved in the breach.

However, the news of the hack led to a decline in the price of the ZK token by about 10%. Despite the relatively small scale of the theft, the market reaction reflected general concerns in the crypto space around platform security.

Earlier this year, a major exploit on the Bybit exchange saw hackers steal over $1 billion in crypto, highlighting the persistent vulnerabilities within the industry.

In the first quarter of 2025, crypto-related hacks and thefts resulted in a total loss of over $1.77 billion, according to data from Finbold. These figures underscore the urgent need for robust security measures and cooperation between industry stakeholders to mitigate the threat of cybercrime in the rapidly evolving crypto ecosystem.