ZKsync was hacked for 5 million dollars, and the cryptocurrency sector has been under attack by hackers for several days
Author: Bright, Foresight News
On April 15 at 9:29 PM, the price of ZKsync, one of the "four kings of Ethereum L2," plummeted by 17.2% in just seven minutes, briefly dropping to $0.0396. Subsequently, the South Korean exchange Bithumb suspended ZKsync's deposits and withdrawals due to security issues.
Official Response and Community Doubts
At 9:49 PM on April 15, ZKsync's official Twitter account released a statement saying that its security team had discovered a compromised admin account that controlled approximately $5 million worth of ZK tokens. The tokens did not appear out of nowhere; they were unclaimed tokens left over from a previous ZKsync airdrop. The statement described the abnormal issuance and sell-off as an isolated incident caused by the stolen key and limited to the airdrop contract itself: all user funds are safe and were never at risk, the ZKsync protocol and the ZK token contract were unaffected, and no additional tokens are at risk of being stolen.
At 11:25 PM, ZKsync's official Twitter account posted an update on the theft, stating, "The investigation shows that the admin account 0x842822c797049269A3c29464221995C56da5587D, responsible for managing three airdrop distribution contracts, has been compromised. The attacker called the sweepUnclaimed() function and minted approximately 111 million unclaimed ZK tokens from the airdrop contract. This transaction increased the total circulating supply of tokens by about 0.45%. This incident is limited to the airdrop distribution contract, and all mintable funds have been minted."
Despite the team's quick official responses, the on-chain issuance and dumping of ZK tokens is still shocking. The community is skeptical of the official "investigation" and strongly questions whether this is a case of centralized wrongdoing by the team.
Community members stated that ZKsync's statement is completely perfunctory and cannot shake off the suspicion of self-theft. They emphasized that the ZKsync incident could lead to a loss of trust in VC coins.
King-Level "Ghost Chain" and Liquidity Crisis
ZKsync was once a "king project" in Ethereum's Layer 2, one of the four mainstream Rollup solutions (Optimism, Arbitrum, zkSync, StarkNet). ZKsync uses ZK Rollup technology to directly verify data validity through zero-knowledge proofs, transferring transaction processing from the Ethereum main chain to side chains, significantly reducing transaction costs and increasing speed.
However, ZKsync's on-chain data can be described as "desolate," and many community members refer to it as a "ghost chain." Since the airdrop in June 2024, most ecosystem participants have chosen to liquidate their holdings, leading to a decline in both TVL and protocol revenue. According to DefiLlama data, the number of active addresses on ZKsync has decreased by 83.5% since June 2024, and the average daily trading volume has plummeted by 86%. After March of this year, the daily revenue of the ZKsync protocol has barely exceeded $1,000. Even more bizarrely, from March 14 to March 27, the ZKsync protocol's revenue was $0.
ZKsync has attempted to salvage its dismal ecosystem activity. In January of this year, ZKsync launched the Ignite plan, aiming to allocate 300 million ZK tokens (approximately $60 million) within nine months to attract more liquidity to its Layer 2 network and promote the rapid development of the DeFi ecosystem. The launch of this plan led to a nearly 90% increase in ZKsync's TVL within just a week, soaring from $97 million to $184 million. However, this plan was quickly halted after the market downturn in March, laying the groundwork for today's "issuance dump" scenario.
It can be said that ZKsync faces the common problems of all Ethereum L2s—thin applications, a sharp drop in daily active users, and dismal revenue, with ZKsync's liquidity performance possibly being the worst among them.
"Broken Window Effect" and Trust Crisis
In the few days leading up to the ZKsync theft, the crypto world had already experienced OM's one-click liquidation, the theft of the KiloEX protocol, and the theft of Odinfun. For a moment, it felt like a crypto version of "The Matrix" was being screened.
However, the statement "All responsibility lies with the hacker; we will provide an investigation report as soon as possible" has lost any effectiveness in the eyes of community members. In fact, even now, including ZKsync, many projects that have been hacked have not made substantial positive statements regarding how the stolen funds will be handled or how user losses will be compensated.
The broken window theory suggests that any visible signs of disorder, neglect, and crime, such as broken windows and vandalism, may encourage further crime and antisocial behavior in an area, because these signs indicate that order has been disrupted and law enforcement is lacking. In the chaotic realm of Web3, when OM presses the "SELL ALL" nuclear button and visibly faces no significant sanctions, many projects already struggling with liquidity may implement soft "RUG" exits under various pretexts.
Given the currently unclear market conditions, the dark forest nature of the crypto world is re-emerging. The low cost of wrongdoing by project teams and the high cost for users to seek the truth are once again brought to the forefront, and one community saying now sounds especially ironic: "What might take you 20 years in the traditional world can be done here with just some bad reputation."
Therefore, never challenge a project's bottom line with funds; the spiral of moral silence will only sink deeper. Cherish those projects that continue to BUILD amidst uncertain market conditions, and hope everyone can Stay Safe and achieve victory.