Another incident in the crypto world is a reminder that the supply of altcoins can be relatively easily manipulated, allowing attackers to flood the market with tokens.
This time, ZKsync, a so-called layer 2 Ethereum (ETH) blockchain scaling solution, confirmed that it was exploited, allowing criminals to rake in around $5 million worth of ZK tokens.
According to the team behind the protocol, an initial investigation has revealed that the attackers managed to compromise the account that was the admin of the three airdrop distribution smart contracts.
This allowed the criminals to create and steal 111 million ZK tokens unclaimed during last year's airdrop when tokens were distributed to the market. This has effectively increased the supply of the token by around 0.45%.
"This incident is contained to the airdrop distribution contracts only, and all the funds that could be minted have been minted," ZKsync said, claiming that no further exploits via this method are possible.
Also, the inventor of ZKsync, ALEX | ZK ∎ (@gluk64 on X), has stressed that an "operator key" was compromised, not its code.
When asked why he didn't foresee this possible attack, the inventor replied, "You can't predict Black Swans. You thrive by learning from them and being ready for all eventualities."
"We will analyze the root cause and share the post-mortem," he added.
The team also said it's now coordinating recovery efforts with cybersecurity experts and crypto exchanges, while the attackers still hold around 45 million ZK tokens and around $1.6 million in ETH and are being offered negotiations with ZKsync to avoid "legal liability."
The price of ZK dropped around 13% following the news but has already recovered most of its losses and is down 3% on the day.
Your email address will not be published. Required fields are markedmarked