ZKSWAP

DESCRIPTION OF EVENTS

ZKSwap is a decentralized exchange (DEX) operating under the ZKBase ecosystem, designed as a Layer 2 scaling solution on Ethereum using zero-knowledge rollup (zk-rollup) technology. Its core innovation lies in leveraging zero-knowledge proofs to batch and validate transactions off-chain, dramatically reducing gas fees and increasing throughput. By deploying its infrastructure as a zk-rollup, ZKSwap enables users to perform high-speed, low-cost swaps while maintaining the same level of security as Ethereum Layer 1. The project also includes a robust bridge system, allowing seamless and secure asset transfers between Ethereum Layer 1 (L1) and ZKSwap Layer 2 (L2).

Developed by the L2Lab team, ZKSwap launched its mainnet after securing $1.7 million in angel investment from firms such as Bixin, SNZ, FBG, and Longling Capital. Built on an Automated Market Maker (AMM) model, the platform enables zero-gas swaps, instant confirmations, and a theoretical throughput exceeding 10,000 transactions per second. At its peak, ZKSwap reached a total value locked (TVL) of over $1 billion, reflecting strong adoption in the decentralized finance (DeFi) space. Users benefit from fast withdrawals—typically around 40 minutes to Layer 1—and full asset ownership, as transactions are executed without third-party custody or authorization, preserving both privacy and security.

As part of the broader ZKBase initiative, ZKSwap integrates into an ecosystem that includes other Layer 2 products such as ZKSquare (payments), ZKSea (NFT marketplace), and ZNS (naming services). ZKBase aims to enhance scalability and interoperability across Ethereum and Bitcoin networks through zk-rollup and cross-chain technologies. The roadmap outlines continued expansion into zkSync Era and Bitcoin Layer 2 environments, along with cross-chain bridges and EVM-compatible zkEVM solutions. By combining scalability, security, and decentralization, ZKSwap represents a significant step toward realizing a faster, more efficient, and user-friendly DeFi infrastructure.

The ZKSwap bridge exploit stemmed from a flaw in its Exodus Mode, a failsafe designed to let users withdraw assets from Layer 2 to Layer 1 if the operator became unresponsive. Under normal conditions, withdrawals required cryptographic validity proofs generated by the operator, but Exodus Mode allowed users to submit proofs manually to the Ethereum Layer 1 contract. This mechanism depended entirely on the correct functioning of the verifyExitProof() function, which was supposed to validate cryptographic evidence showing that the user’s balance existed in the last verified Layer 2 state. However, this safeguard—intended to protect users—was precisely where the vulnerability emerged.

When ZKSwap entered Exodus Mode in February 2025, its bridge contract contained a critical oversight: the verifyExitProof() function always returned true, effectively bypassing any real cryptographic verification. This meant that any submitted withdrawal claim, regardless of authenticity, was automatically accepted. On July 9, 2025, an attacker exploited this flaw by crafting fake “proofs” that claimed arbitrary token balances. Because the verification always succeeded, the bridge’s exit() function credited these fabricated balances to the attacker’s account onchain. The attacker repeated this process across multiple token IDs, inflating withdrawal amounts and undermining the entire integrity of the bridge’s emergency withdrawal path.

The vulnerability was further amplified by weak nullifier logic designed to prevent double withdrawals. The system used a simplistic bit-packed exited mapping that failed to enforce uniqueness correctly, allowing the attacker to reuse the same withdrawal paths multiple times. After accumulating large onchain balances through these fake exits, the attacker invoked the regular withdraw() function to transfer the assets out of the bridge. In total, they siphoned approximately $5 million worth of tokens. The entire exploit followed a predictable sequence—triggering Exodus Mode, submitting fake proofs, crediting artificial balances, and executing withdrawals—without any need for advanced cryptographic manipulation.

Main Attacker EOA 0x0a652decf9caca373e2b50607ecb7b069d71a7ba Main exploit contract 0x2D3103c8Fdd9d9411E24f555fdad6B22F29F613A Fake Token Contract 0xF0628CE987B7cf5d3687E1A7656fE37b556742dE Attacker EOA 0xc6751e605869a06f91fee6039ae806d089e4c32e Attacker EOA 0xf7fd39cbdc12d5002975d3f16ed67583e6243d68 Attacker EOA 0x3aa199a8362e399ce47e7d12467f8c5034f2713b Victim contract 0x8eca806aecc86ce90da803b080ca4e3a9b8097ad

SlowMist reports the amount of loss at $5m USD.

While the code flaw was the direct cause, the broader failure was a lack of real-time monitoring and automated safeguards. Blockchain activity logs show a clear 10-minute window between the deployment of the attacker’s contract and the first successful withdrawal. Multiple onchain signals—mode activation, arbitrary proof submissions, and balance spikes—were visible but went unaddressed. Had there been automated alerting or a system to pause withdrawals upon abnormal Exodus Mode activity, the loss could have been prevented.

The ZKBase team does not appear to have any public mentions of the exploit or any reactions.

There does not appear to be any recovery in progress.

It is unclear if any investigation is underway or any effort was made to recover any of the affected funds.

ZKSwap, a decentralized exchange under the ZKBase ecosystem, suffered an exploit in its bridge system due to a flaw in its Exodus Mode, designed to allow users to withdraw assets in case the operator became unresponsive. The flaw was in the verifyExitProof() function, which failed to validate withdrawal claims, allowing attackers to submit fake proofs and siphon $5 million worth of assets. Weak nullifier logic further enabled multiple fraudulent withdrawals. Despite clear onchain signals of the exploit, a lack of real-time monitoring and automated safeguards allowed the attack to unfold. No public response or recovery efforts have been announced by the ZKBase team

More case studies

GMX V1 Cross-Contract
Re-Entrancy Flash Loan Attack

Kinto Token Hidden Off-Network
Proxy Initialization Exploit