ZKSync and The Matter Labs Twitter/X Hack Airdrop Scam

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository
Revision as of 17:22, 18 July 2025 by Azoundria (talk | contribs) (Created page with "{{Imported Case Study With About|source=https://www.quadrigainitiative.com/casestudy/zksyncandthematterlabstwitterxhackairdropscam.php}} {{Unattributed Sources}} thumb|ZkSync Logo/HomepageZKSync, a modular and verifiable blockchain network built on zero-knowledge technology, enables scalable, secure, and user-friendly experiences through interconnected ZK chains and one-tap onboarding. Recently, its official social media accounts were compromised to...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Notice: This page is a freshly imported case study from an original repository. While the original content had a similar format, some sections may not have been fully completed. Please help fill in any empty sections or any missing information you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.

Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!

ZkSync Logo/Homepage

ZKSync, a modular and verifiable blockchain network built on zero-knowledge technology, enables scalable, secure, and user-friendly experiences through interconnected ZK chains and one-tap onboarding. Recently, its official social media accounts were compromised to promote a fake $ZK airdrop, leading to a phishing scam that tricked users into connecting wallets to a fraudulent site designed to drain funds. Community members quickly raised alarms, suspecting insider issues or security lapses. Though ZKSync has since regained control and removed the malicious content, the full impact remains unclear, and it’s uncertain if affected users will receive support.[1][2][3][4][5][6][7][8][9][10][11][12][13][14][15][16][17][18][19][20][21][22][23][24][25][26][27][28][29][30][31][32][33]

About ZKSync

"ZKsync is an ever expanding verifiable blockchain network, secured by math."

"ZK chains are high performance, verifiable, modular rollups and validiums powered by ZKsync. United in an elastic network, ZK chains can be added or expanded to handle increased transaction volume without affecting costs or hardware requirements for verification."

"ZK chains provide native, frictionless interoperability presented in a consistent and easy-to-use interface. This enables trustless communication and asset transfers between chains leveraging the full range of users and liquidity across the entire ZK chain ecosystem. Unlike traditional, centralized solutions, this protocol relies solely on cryptography for security."

"ZKsync offers secure one-tap onboarding via FaceID/Passkeys, eliminating the need for seed phrases and reducing the risk of hacks. By automatically creating modular smart accounts at the protocol level, ZKsync enables a delightful, customizable UX, allowing users to seamlessly access all ZK chains with what feels like a single account directly from their application."

About ZKSync Airdrop

"Big News for the ZKSync Community! The first $ZK airdrop is live! Every ZKSync follower is eligible to claim a share of the initial $ZK supply. Check it out."

The Reality

This sections is included if a case involved deception or information that was unknown at the time. Examples include:

  • When the service was actually started (if different than the "official story").
  • Who actually ran a service and their own personal history.
  • How the service was structured behind the scenes. (For example, there was no "trading bot".)
  • Details of what audits reported and how vulnerabilities were missed during auditing.

What Happened

Hackers compromised the official @zksync and @the_matter_labs Twitter accounts to promote a fake $ZK airdrop, using a phishing link to steal users’ funds through a wallet-draining scam.

Key Event Timeline - ZKSync and The Matter Labs Twitter/X Hack Airdrop Scam
Date Event Description
May 12th, 2025 5:31:00 PM MDT ZkSync Community Warnings Users in the community start to warn about both Twitter/X accounts being hacked. From available screenshots, it appears that the @ZKSync account posts about an airdrop and @the_matter_labs retweets that post.
May 12th, 2025 6:23:00 PM MDT ZKSync Devs Warning Post ZKSync Devs post to warn users that both @zksync and @the_matter_labs Twitter accounts have been compromised. They strongly advise against interacting with the accounts or clicking any links shared from them. Users are instructed to wait for official confirmation from the @zkSyncDevs account once control is restored, at which point they will quote tweet the original warning.
May 12th, 2025 7:23:00 PM MDT Account Officially Recovered The ZKSync account posts a notice that they have fully recovered both accounts.
May 14th, 2025 9:00:00 AM MDT Repost By ZKSync Devs The official post is subsequently reposted by the ZKSync Devs account, as originally promised.

Technical Details

The phishing message targeting the ZKSync community—"Big News for the ZKSync Community! The first $ZK airdrop is live! Every ZKSync follower is eligible to claim a share of the initial $ZK supply. Check it out."—employs classic social engineering tactics to trick users into engaging with a malicious link. By promising a live airdrop and universal eligibility, it creates a sense of urgency and exclusivity that plays on users' fear of missing out. The fact that it originates from compromised official accounts, like @zksync, adds a false layer of legitimacy and makes the scam more convincing.

Technically, the phishing link usually redirects users to a fraudulent website designed to closely mimic the official ZKSync platform. These sites often use small visual tricks, like Unicode characters in the domain name, to appear authentic. Once users arrive at the site, they are prompted to connect their crypto wallet to "claim" their tokens. However, this interaction is typically a wallet drainer scam: it initiates a malicious contract approval or token transfer, allowing the attackers to drain funds or NFTs from the user's wallet without their clear consent.

These phishing sites may include SSL certificates and cloned UI elements to appear safe and legitimate, while often disabling interactive features like comments or page inspection to hide their malicious intent. The combination of social engineering and technical deception makes these scams particularly dangerous in fast-moving crypto communities.

Total Amount Lost

The amount lost is unknown.

The total amount lost is unknown.

Immediate Reactions

Many users confirmed the compromise, urging others not to click any links and labeling the posts as scams. Some speculated about possible insider involvement or broader security lapses, while others criticized the teams for the lack of immediate updates. A few users highlighted that the malicious content included fake airdrop links, warning it could be a wallet drainer.

Ultimate Outcome

ZKSync appears to have recovered access to their account. They posted a notification:

"The ZKsync and Matter Labs X accounts are fully back in the control of the team. We’re looking into how the accounts were hacked, and believe it was through compromised delegated accounts.

All delegated accounts and connected apps have been disconnected, and we’ve deleted any tweets from the hacker."

Total Amount Recovered

It is unclear what steps, if any, are being taken to assist affected users.

There do not appear to have been any funds recovered in this case.

Ongoing Developments

It is unclear if the perpetrator will be caught and how so many Twitter/X accounts are being compromised.

Individual Prevention Policies

No specific policies for individual prevention have yet been identified in this case.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

Policies for platforms to take to prevent this situation have not yet been selected in this case.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

No specific regulatory policies have yet been identified in this case.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References

  1. ZKSync Devs - "Warning: Both @zksync and @the_matter_labs accounts have been compromised. Do not interact with that account or click any links." - Twitter/C (Accessed Jun 9, 2025)
  2. Gamble Megami - "nice zksync acc is hacked lol" - Twitter/X (Accessed Jun 9, 2025)
  3. cryptwild - "Come on @zksync really?? Another hack? Or your team having insider issues? Fix it for the well of community and token" - Twitter/X (Accessed Jun 9, 2025)
  4. MutedTommy - "The @zksync account is hacked. Don't interact!!" - Twitter/X (Accessed Jun 9, 2025)
  5. Roque - "Do not click on any links! @zksync X account may have been hacked! @zachxbt" - Twitter/X (Accessed Jun 9, 2025)
  6. KreepToeGuy2.0 - "looks like @zksync X- account has been hacked !? Some airdrop advertising going on claiming to be first on ZkSync. ZK airdrop has happened long ago !! Anyone with contacts to @zksync please confirm. @zkSyncDevs" - Twitter/X (Accessed Jun 9, 2025)
  7. Quitelife9 - "sus post from @zksync hope u all r carefull now." - Twitter/X (Accessed Jun 9, 2025)
  8. Jagad Bumi - "I believe @zksync is hacked right now" - Twitter/X (Accessed Jun 9, 2025)
  9. RuzhyoX - "ZkSync account hacked" - Twitter/X (Accessed Jun 9, 2025)
  10. CryPto.ink - "$ZK Account X @zksync hacked, you don?t connect to the link!!" - Twitter/X (Accessed Jun 9, 2025)
  11. Coinomy.net - "zksync Seems like zksync got hacked. Stay away for a while to see if it's really official." - Twitter/X (Accessed Jun 9, 2025)
  12. AltcoinsGuy - "ZKSync posted this, and I think their X account might be compromised because the link looks suspicious. What do you think?' @gluk64 @zksync" - Twitter/X (Accessed Jun 9, 2025)
  13. Bratty APEPE - " on X: 'IS @zksync hacked ? @gluk64 ? any idea ?" - Twitter/X (Accessed Jun 9, 2025)
  14. Crypto Pak - "It seems suspicious! > I guess @zksync X have been hacked > Hacker had disabled comments See the eligibility term: every ZKsync follower is eligible for the drop ?? > It?s the same ZKsync who made me ineligible after spending 1000$ in gas & now they are making eligible" - Twitter/X (Accessed Jun 9, 2025)
  15. 0xmozzy - "Zksync x account seems to be hacked/compromized. Don't click any links!" - Twitter/X (Accessed Jun 9, 2025)
  16. tomgptwars - "lol ZKsync's twitter account has been hacked, DO NOT interact with the link" - Twitter/X (Accessed Jun 9, 2025)
  17. bandanaranas - "Don't click Scam" - Twitter/X (Accessed Jun 9, 2025)
  18. Ak_Youss - "Don't intract @zksync Twitter has been hacked #Airdrop #zk #Web3 #cryptocurrency" - Twitter/X (Accessed Jun 9, 2025)
  19. loveweifeng (Jim) - "zksync@zksync https://t.co/8AjlH25RS8" - Twitter/X (Accessed Jun 9, 2025)
  20. AltcoinsGuy - "Both Matter labs and zksync account get hacked at the same time? Hey @gluk64 are you behind this why no updates?" - Twitter/X (Accessed Jun 9, 2025)
  21. 0xJusthuman - "lol, is zksync this ded?" - Twitter/X (Accessed Jun 9, 2025)
  22. Reducecryptotax - "Be careful ZKsync $ZK hacked and not to click on the claim link it?s Wallet drainer. Giverep" - Twitter/X (Accessed Jun 9, 2025)
  23. hdmmo - "Baba crypto on X: 'Don?t click on it, it seems to be a malicious link. @zksync account seems to be hacked. $ZK" - Twitter/X (Accessed Jun 9, 2025)
  24. theLurker007 - "The Dip Guy on X: '@zkSyncDevs @the_matter_labs Deleted the ca post" - Twitter/X (Accessed Jun 9, 2025)
  25. Lasninord - "@zksync Account is Hacked @the_matter_labs don't click on links untel more informations on that $ZK" - Twitter/X (Accessed Jun 9, 2025)
  26. Fede's intern - "It seems @zksync and @the_matter_labs accounts might have been hacked. Be careful. https://t.co/ewfLDU2I2m" - Twitter/X (Accessed Jun 9, 2025)
  27. Ye Zhang - "Both Matter labs and zksync account get hacked at the same time? https://t.co/ORbYhVWPfO" - Twitter/X (Accessed Jun 9, 2025)
  28. Astorre Viola - "@fede_intern @zksync @the_matter_labs Yikes, security vibes off the charts! You think it?s a targeted attack or just bad luck this time?" - Twitter/X (Accessed Jun 9, 2025)
  29. actual_jes - "@zksync account is hacked. do not interact. @the_matter_labs isn?t helping, too. i guess they both got hacked. stay safu mates." - Twitter/X (Accessed Jun 9, 2025)
  30. Lasninord - "@Airdrop_Adv @InferiumAI @zksync @the_matter_labs hacked also, malicious links been shared" - Twitter/X (Accessed Jun 9, 2025)
  31. KidjuCrypto - "@Xchainbase @zksync yeah, seems their both accounts @the_matter_labs and @zksync got hacked. those hackers lately are accessing so easy twitter accounts." - Twitter/X (Accessed Jun 9, 2025)
  32. baudouin_sol - "Baudouin on X: '@the_matter_labs @solana 99% hacked" - Twitter/X (Accessed Jun 9, 2025)
  33. ZKsync (Accessed Sep 18, 2024)
Retrieved from "https://quadrigainitiative.com/cryptocurrencyhackscamfraudwiki/index.php?title=ZKSync_and_The_Matter_Labs_Twitter/X_Hack_Airdrop_Scam&oldid=6799"