ZkSync Official Discord Compromise Fake Airdrop

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository




ZKSync is a protocol that enables trustless communication and asset transfers between different blockchains, improving scalability. On August 25th, the official Discord server began promoting an airdrop offer to users. Users who accepted this promotion would have their assets drained. There is no indication of anyone falling for the scheme. The ZKSync team reports having resolved the issue within 20 minutes; however, no specific timeline has been provided to substantiate this claim.[1][2][3][4][5][6][7][8][9][10][11][12][13][14][15][16][17][18][19][20][21][22][23][24][25][26][27][28][29][30][31][32][33][34][35][36][37][38][39][40][41][42][43][44][45][46][47]

About ZKSync

"ZKsync is an ever expanding verifiable blockchain network, secured by math."

"ZK chains are high performance, verifiable, modular rollups and validiums powered by ZKsync. United in an elastic network, ZK chains can be added or expanded to handle increased transaction volume without affecting costs or hardware requirements for verification."

"ZK chains provide native, frictionless interoperability presented in a consistent and easy-to-use interface. This enables trustless communication and asset transfers between chains leveraging the full range of users and liquidity across the entire ZK chain ecosystem. Unlike traditional, centralized solutions, this protocol relies solely on cryptography for security."

"ZKsync offers secure one-tap onboarding via FaceID/Passkeys, eliminating the need for seed phrases and reducing the risk of hacks. By automatically creating modular smart accounts at the protocol level, ZKsync enables a delightful, customizable UX, allowing users to seamlessly access all ZK chains with what feels like a single account directly from their application."

"It's time for round 2 of the $ZK airdrop. For all those who believed and continued to build with us and be a part of the future of crypto, we have a surprise for you.

We have seen staggering growth and incredible support from our amazing community. We appreciate, and thank each and every one of you, so we wanted to make round 2 something special, something that rewards the loyal supporters of our community.

We have so much planned, and still have so many more surprises for our builders and loyal supporters. This is only the beginning.

Stay tuned for our Twitter AMA being hosted shortly."

The Reality

This section is included if a case involved deception or information that was unknown at the time. Examples include:

  • When the service was actually started (if different than the "official story").
  • Who actually ran a service and their own personal history.
  • How the service was structured behind the scenes. (For example, there was no "trading bot".)
  • Details of what audits reported and how vulnerabilities were missed during auditing.

What Happened

"ZkSync's official Discord has been compromised, and hackers have posted a malicious link promoting a fake "second round airdrop" plan, falsely promising users free ZK tokens."

Key Event Timeline - ZkSync Official Discord Compromise Fake Airdrop

| Date | Event | Description |
| --- | --- | --- |
| August 25th, 2024 12:17:00 PM MDT | Discord Compromise Mention | The first mention on Twitter of the Discord being compromised, including a screenshot. |
| August 25th, 2024 12:52:00 PM MDT | Incident Under Investigation | A note about the team investigating some compromised links on the Discord is posted on Discord, which is later found in a Tweet. |
| August 25th, 2024 3:15:17 PM MDT | Capture Of Phishing Site | The phishing website is captured by the Internet Archive; however, by this time it has already been reported as a suspected phishing site, so the capture fails. |
| August 25th, 2024 10:47:03 PM MDT | CoinTelegraph Article | CoinTelegraph publishes an article discussing the breach of the ZKSync Discord. |
| August 25th, 2024 11:21:00 PM MDT | Coinness GL Tweet | The compromise is mentioned in a tweet by Twitter user CoinnessGL, along with other recent compromises. |

Technical Details

"only one hour after the Avalanche exploit, the official Discord of the ZkSync was also reportedly compromised.

Hackers once again shared malicious links to a sham “round 2 airdrop” scheme, promising users free ZK tokens."

Total Amount Lost

The total amount lost is unknown.

How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?

Immediate Reactions

"Scam Links: We're investigating some compromised accounts posting scam links across the Discord Server. Please do not click on any unknown links or any links posted to prevent from being scammed. We'll keep everyone updated as we find more information."

"PANews August 26 news, according to Cointelegraph, in less than 48 hours after Polygon’s Discord was invaded yesterday, the official Discord servers of L1 network Avalanche and L2 chain ZKsync have also been attacked one after another. The Avalanche team has found “that this problem has been solved and is working hard to get the server back to normal. Only one hour after the Avalanche loophole was exploited, ZkSync official Discord was also invaded, and hackers again shared the malicious link of the false “second round of airdrop” program, promising to provide users with free ZK tokens. Some ZkSync team members have noticed the loophole."

"Just an hour after Avalanche’s servers were compromised, the official ZkSync Discord was also hit. Once again, hackers shared links to the round 2 airdrop scam which tricks users into thinking they are getting free ZK tokens.

Unlike Avalanche, ZKsync is yet to address the issue on X but a number of team members have brought attention to the breach on Discord itself."

"However, only one hour after the Avalanche exploit, the official Discord of the ZkSync was also reportedly compromised.

Hackers once again shared malicious links to a sham “round 2 airdrop” scheme, promising users free ZK tokens.

ZkSync has not addressed the exploit on X however several of ZkSync’s team members have made note of the compromise on Discord.

The attack on Avalanche and zkSync came less than 48 hours after the official Discord for Polygon was compromised in a similar manner, with hackers sharing malicious links throughout the server."

"However, just an hour later, ZKsync’s official Discord was also targeted by hackers. Similar to the Avalanche attack, the perpetrators shared links to a bogus “round 2 airdrop” scheme, promising free ZK tokens to unsuspecting users. Although ZKsync has not formally addressed the exploit on X, several team members acknowledged the breach on their Discord server."

Ultimate Outcome

"Henri Vies, media relations head at Matter Labs — the firm behind ZkSync — said there was “an issue on the ZKsync discord,” and noted that the team had managed to handle it in about 20 minutes and return the server to normal."

Total Amount Recovered

There do not appear to have been any funds recovered in this case.

What funds were recovered? What funds were reimbursed for those affected users?

Ongoing Developments

What parts of this case are still remaining to be concluded?

Individual Prevention Policies

No specific policies for individual prevention have yet been identified in this case.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

Policies for platforms to take to prevent this situation have not yet been selected in this case.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

No specific regulatory policies have yet been identified in this case.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References

  1. SlowMist Hacked - SlowMist Zone (Accessed Sep 18, 2024)
  2. Avalanche and ZKsync Official Discord Servers Attacked - PANews (Accessed Sep 18, 2024)
  3. https://cointelegraph.com/news/polygon-discord-scam-hits-avalanche-zksync-hours-later (Accessed Sep 18, 2024)
  4. Discord of Blockchain Platform Avalanche & ZKsync Compromised (Accessed Sep 18, 2024)
  5. Polygon discord compromise hits Avalanche, ZKsync hours later (Accessed Sep 18, 2024)
  6. Avalanche and ZKsync Discord Servers Compromised (Accessed Sep 18, 2024)
  7. @CoinnessGL Twitter (Accessed Sep 18, 2024)
  8. @hammertoesknows Twitter (Accessed Sep 18, 2024)
  9. @darkray_musings Twitter (Accessed Sep 18, 2024)
  10. @Timi34518217 Twitter (Accessed Sep 18, 2024)
  11. @watzeneth Twitter (Accessed Sep 18, 2024)
  12. @codeglitch Twitter (Accessed Sep 18, 2024)
  13. @elulueth Twitter (Accessed Sep 18, 2024)
  14. @beadce Twitter (Accessed Sep 18, 2024)
  15. @Ricardo__Gordon Twitter (Accessed Sep 18, 2024)
  16. @quiniyedios Twitter (Accessed Sep 18, 2024)
  17. @realmoonverse Twitter (Accessed Sep 18, 2024)
  18. @iam_melex Twitter (Accessed Sep 18, 2024)
  19. @weakhand_gg Twitter (Accessed Sep 18, 2024)
  20. @CryptoMage_YT Twitter (Accessed Sep 18, 2024)
  21. @MaskaraChico Twitter (Accessed Sep 18, 2024)
  22. @AliTslm Twitter (Accessed Sep 18, 2024)
  23. @TheBrownGentYT Twitter (Accessed Sep 18, 2024)
  24. @valkyrypto Twitter (Accessed Sep 18, 2024)
  25. @BenniDaytime Twitter (Accessed Sep 18, 2024)
  26. @911Corp Twitter (Accessed Sep 18, 2024)
  27. @0xRouss Twitter (Accessed Sep 18, 2024)
  28. @BadSocialNet Twitter (Accessed Sep 18, 2024)
  29. @yichuan_drive Twitter (Accessed Sep 18, 2024)
  30. @DeaKepy Twitter (Accessed Sep 18, 2024)
  31. @0xKatsuyusama Twitter (Accessed Sep 18, 2024)
  32. @fabiojr_eth Twitter (Accessed Sep 18, 2024)
  33. @auguraemali323 Twitter (Accessed Sep 18, 2024)
  34. @CryptoTraalala Twitter (Accessed Sep 18, 2024)
  35. @valkyrypto Twitter (Accessed Sep 18, 2024)
  36. @avaxspaces Twitter (Accessed Sep 18, 2024)
  37. @TomKeenZK Twitter (Accessed Sep 18, 2024)
  38. @valkyrypto Twitter (Accessed Sep 18, 2024)
  39. @buska29270 Twitter (Accessed Sep 18, 2024)
  40. @ezecZshield Twitter (Accessed Sep 18, 2024)
  41. @adidshaft Twitter (Accessed Sep 18, 2024)
  42. @Jon_HQ Twitter (Accessed Sep 18, 2024)
  43. @ezecZshield Twitter (Accessed Sep 18, 2024)
  44. @zogpukesucksok Twitter (Accessed Sep 18, 2024)
  45. @buska29270 Twitter (Accessed Sep 18, 2024)
  46. ZKsync (Accessed Sep 18, 2024)
  47. Suspected phishing site | Cloudflare (Accessed Sep 18, 2024)