QUADRIGA INITIATIVE
CRYPTO WATCHDOG & FRAUD RECOVERY PLATFORM
A COMMUNITY-BASED, NOT-FOR-PROFIT
UNKNOWN
MAY 2025
GLOBAL
ZKSYNC
DESCRIPTION OF EVENTS
"ZKsync is an ever expanding verifiable blockchain network, secured by math."
"ZK chains are high performance, verifiable, modular rollups and validiums powered by ZKsync. United in an elastic network, ZK chains can be added or expanded to handle increased transaction volume without affecting costs or hardware requirements for verification."
"ZK chains provide native, frictionless interoperability presented in a consistent and easy-to-use interface. This enables trustless communication and asset transfers between chains leveraging the full range of users and liquidity across the entire ZK chain ecosystem. Unlike traditional, centralized solutions, this protocol relies solely on cryptography for security."
"ZKsync offers secure one-tap onboarding via FaceID/Passkeys, eliminating the need for seed phrases and reducing the risk of hacks. By automatically creating modular smart accounts at the protocol level, ZKsync enables a delightful, customizable UX, allowing users to seamlessly access all ZK chains with what feels like a single account directly from their application."
The phishing message targeting the ZKSync community—"Big News for the ZKSync Community! The first $ZK airdrop is live! Every ZKSync follower is eligible to claim a share of the initial $ZK supply. Check it out."—employs classic social engineering tactics to trick users into engaging with a malicious link. By promising a live airdrop and universal eligibility, it creates a sense of urgency and exclusivity that plays on users' fear of missing out. The fact that it originates from compromised official accounts, like @zksync, adds a false layer of legitimacy and makes the scam more convincing.
Technically, the phishing link usually redirects users to a fraudulent website designed to closely mimic the official ZKSync platform. These sites often use small visual tricks, like Unicode characters in the domain name, to appear authentic. Once users arrive at the site, they are prompted to connect their crypto wallet to "claim" their tokens. However, this interaction is typically a wallet drainer scam: it initiates a malicious contract approval or token transfer, allowing the attackers to drain funds or NFTs from the user's wallet without their clear consent.
These phishing sites may include SSL certificates and cloned UI elements to appear safe and legitimate, while often disabling interactive features like comments or page inspection to hide their malicious intent. The combination of social engineering and technical deception makes these scams particularly dangerous in fast-moving crypto communities.
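The Unicode domain trick described above can be caught before a link is trusted. The following is an added example, not code from ZKsync or from this report: it decodes punycode labels and folds visually confusable letters to ASCII so a link's hostname can be compared against an allowlist. The domain `zkproject.example`, the sample links and the small confusables map are constructed placeholders.

```python
import unicodedata
from urllib.parse import urlsplit

# Assumption: placeholder allowlist; substitute the project's real domains.
OFFICIAL_DOMAINS = {"zkproject.example"}

# Illustrative subset of Cyrillic/Greek letters that render like ASCII ones.
# A production check would use the full Unicode confusables data (UTS #39).
CONFUSABLES = {"\u0430": "a", "\u0441": "c", "\u0435": "e", "\u043e": "o", "\u0440": "p",
               "\u0455": "s", "\u0443": "y", "\u0445": "x", "\u0456": "i", "\u03bf": "o"}

def hostname_unicode(url):
    """Return the URL's hostname with any punycode (xn--) labels decoded."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    labels = []
    for label in host.split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # undecodable label: keep the raw form
        labels.append(label)
    return ".".join(labels)

def skeleton(host):
    """Fold a hostname to the ASCII string a reader would perceive."""
    folded = unicodedata.normalize("NFKD", host.lower())
    return "".join(CONFUSABLES.get(ch, ch) for ch in folded if not unicodedata.combining(ch))

def classify(url, official=OFFICIAL_DOMAINS):
    """Return 'official', 'lookalike' or 'unrelated' for the link's hostname."""
    host = hostname_unicode(url)
    if host in official or any(host.endswith("." + d) for d in official):
        return "official"
    skel = skeleton(host)
    if any(skel == d or skel.endswith("." + d) for d in official):
        return "lookalike"  # reads like an official domain but is not one
    return "unrelated"

# Constructed sample links on the reserved .example TLD.
SAMPLES = [
    "https://zkproject.example/airdrop",
    "https://zkpr\u043eject.example/claim",  # Cyrillic "о" in place of Latin "o"
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(classify(link), ascii(hostname_unicode(link)))
```

A `lookalike` result means the hostname only matches the allowlist after folding, which is the case worth blocking or flagging in a link filter or community moderation bot.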
The amount lost is unknown.
Many users confirmed the compromise, urging others not to click any links and labeling the posts as scams. Some speculated about possible insider involvement or broader security lapses, while others criticized the teams for the lack of immediate updates. A few users highlighted that the malicious content included fake airdrop links, warning it could be a wallet drainer.
ZKSync appears to have recovered access to their account. They posted a notification:
"The ZKsync and Matter Labs X accounts are fully back in the control of the team. We’re looking into how the accounts were hacked, and believe it was through compromised delegated accounts.
All delegated accounts and connected apps have been disconnected, and we’ve deleted any tweets from the hacker."
It is unclear what steps, if any, are being taken to assist affected users.
The matter appears to have been resolved.
ZKSync, a modular and verifiable blockchain network built on zero-knowledge technology, enables scalable, secure, and user-friendly experiences through interconnected ZK chains and one-tap onboarding. Recently, its official social media accounts were compromised to promote a fake $ZK airdrop, leading to a phishing scam that tricked users into connecting wallets to a fraudulent site designed to drain funds. Community members quickly raised alarms, suspecting insider issues or security lapses. Though ZKSync has since regained control and removed the malicious content, the full impact remains unclear, and it’s uncertain if affected users will receive support.
ZKSync Devs - "Warning: Both @zksync and @the_matter_labs accounts have been compromised. Do not interact with that account or click any links." - Twitter/X (Jun 9)
Gamble Megami - "nice zksync acc is hacked lol" - Twitter/X (Jun 9)
cryptwild - "Come on @zksync really?? Another hack? Or your team having insider issues? Fix it for the well of community and token" - Twitter/X (Jun 9)
MutedTommy - "The @zksync account is hacked. Don't interact!!" - Twitter/X (Jun 9)
Roque - "Do not click on any links! @zksync X account may have been hacked! @zachxbt" - Twitter/X (Jun 9)
KreepToeGuy2.0 - "looks like @zksync X- account has been hacked !? Some airdrop advertising going on claiming to be first on ZkSync. ZK airdrop has happened long ago !! Anyone with contacts to @zksync please confirm. @zkSyncDevs" - Twitter/X (Jun 9)
Quitelife9 - "sus post from @zksync hope u all r careful now." - Twitter/X (Jun 9)
Jagad Bumi - "I believe @zksync is hacked right now" - Twitter/X (Jun 9)
RuzhyoX - "ZkSync account hacked" - Twitter/X (Jun 9)
CryPto.ink - "$ZK Account X @zksync hacked, you don't connect to the link!!" - Twitter/X (Jun 9)
Coinomy.net - "zksync Seems like zksync got hacked. Stay away for a while to see if it's really official." - Twitter/X (Jun 9)
AltcoinsGuy - "ZKSync posted this, and I think their X account might be compromised because the link looks suspicious. What do you think? @gluk64 @zksync" - Twitter/X (Jun 9)
Bratty APEPE - "IS @zksync hacked ? @gluk64 ? any idea ?" - Twitter/X (Jun 9)
Crypto Pak - "It seems suspicious! > I guess @zksync X have been hacked > Hacker had disabled comments See the eligibility term: every ZKsync follower is eligible for the drop ?? > It's the same ZKsync who made me ineligible after spending 1000$ in gas & now they are making eligible" - Twitter/X (Jun 9)
0xmozzy - "Zksync x account seems to be hacked/compromised. Don't click any links!" - Twitter/X (Jun 9)
tomgptwars - "lol ZKsync's twitter account has been hacked, DO NOT interact with the link" - Twitter/X (Jun 9)
bandanaranas - "Don't click Scam" - Twitter/X (Jun 9)
Ak_Youss - "Don't interact @zksync Twitter has been hacked #Airdrop #zk #Web3 #cryptocurrency" - Twitter/X (Jun 9)
loveweifeng (Jim) - "zksync@zksync https://t.co/8AjlH25RS8" - Twitter/X (Jun 9)
AltcoinsGuy - "Both Matter labs and zksync account get hacked at the same time? Hey @gluk64 are you behind this why no updates?" - Twitter/X (Jun 9)
0xJusthuman - "lol, is zksync this ded?" - Twitter/X (Jun 9)
Reducecryptotax - "Be careful ZKsync $ZK hacked and not to click on the claim link it's Wallet drainer. Giverep" - Twitter/X (Jun 9)
hdmmo - "Baba crypto on X: 'Don't click on it, it seems to be a malicious link. @zksync account seems to be hacked. $ZK" - Twitter/X (Jun 9)
theLurker007 - "The Dip Guy on X: '@zkSyncDevs @the_matter_labs Deleted the ca post" - Twitter/X (Jun 9)
Lasninord - "@zksync Account is Hacked @the_matter_labs don't click on links until more information on that $ZK" - Twitter/X (Jun 9)
Fede's intern - "It seems @zksync and @the_matter_labs accounts might have been hacked. Be careful. https://t.co/ewfLDU2I2m" - Twitter/X (Jun 9)
Ye Zhang - "Both Matter labs and zksync account get hacked at the same time? https://t.co/ORbYhVWPfO" - Twitter/X (Jun 9)
Astorre Viola - "@fede_intern @zksync @the_matter_labs Yikes, security vibes off the charts! You think it's a targeted attack or just bad luck this time?" - Twitter/X (Jun 9)
actual_jes - "@zksync account is hacked. do not interact. @the_matter_labs isn't helping, too. i guess they both got hacked. stay safu mates." - Twitter/X (Jun 9)
Lasninord - "@Airdrop_Adv @InferiumAI @zksync @the_matter_labs hacked also, malicious links been shared" - Twitter/X (Jun 9)
KidjuCrypto - "@Xchainbase @zksync yeah, seems their both accounts @the_matter_labs and @zksync got hacked. those hackers lately are accessing so easy twitter accounts." - Twitter/X (Jun 9)
baudouin_sol - "Baudouin on X: '@the_matter_labs @solana 99% hacked" - Twitter/X (Jun 9)
ZKsync (Sep 18)
