In a concerning incident on May 13, the X accounts of Ethereum Layer-2 network ZKsync and its developer, Matter Labs, were compromised by hackers who sought to spread damaging misinformation about the platform. The attackers posted a false statement alleging that ZKsync was under investigation by the U.S. Securities and Exchange Commission (SEC) and that the U.S. Treasury Department might impose sanctions on the platform. This apparent attempt to destabilize the ZKsync ecosystem also involved links to a fake airdrop, leading to a phishing scam that could have compromised unsuspecting users.
The breach was immediately flagged by the ZKsync team, who confirmed that both ZKsync’s and Matter Labs’ X accounts had been hacked. They advised users not to interact with the accounts or click on any suspicious links. The platform quickly removed the fraudulent post and restored control of the accounts. Matter Labs communications head, Lynnette Nolan, reassured the public that the statements about the SEC investigation were false and the team was working to prevent further breaches.
A wave of confusion spread across the crypto community, as users initially believed the misleading claims. A crypto startup co-founder, Harrison Leggio, jokingly referred to the hackers’ efforts as an attempt to “scare the living shit out of on-chain degens,” highlighting the anxiety such misinformation can stir among crypto investors. While the ZKsync token (ZK) did experience a minor price dip of around 2% following the attack, the longer-term impact on its value remains to be seen. Despite the panic, the ZKsync platform rebounded, with the token only down 6.4% in the past 24 hours, following an earlier rally of nearly 38.5%.
The ZKsync incident echoes concerns over the security of high-profile crypto platforms, particularly in the face of hackers using social media accounts to spread misinformation. This attack was not the first for ZKsync; in April, a hacker took control of the admin account for ZKsync’s airdrop distribution contract and minted an additional 111 million ZK tokens, worth around $5 million at the time. Although the attacker eventually returned 90% of the stolen tokens, the incident raised red flags about the security protocols in place at the platform.
The recent attacks on ZKsync are part of a broader trend of targeted hacks on crypto-related platforms. The use of compromised X accounts to spread false claims or distribute malicious links is a growing concern. In this case, the hackers appeared to specifically target the price of ZKsync’s token by falsely claiming that it was under regulatory investigation. The tactic of using fake SEC probes is not new, as the U.S. regulatory body has previously launched investigations into several crypto companies, though many have since seen their probes dropped.
For example, firms like Crypto.com, Immutable, OpenSea, and Robinhood Crypto have all disclosed that investigations by the SEC have been concluded. The use of such tactics by attackers highlights how market manipulation can occur in the decentralized space, where rumors and false information can significantly impact asset prices. Despite the fact that the SEC has not taken any formal action against ZKsync, the attack’s timing – coinciding with a 38.5% rally in the token’s value – suggests that the hackers may have been aiming to capitalize on the platform’s growing momentum.
Matter Labs is now investigating how the attackers gained access to the X accounts, with a focus on “compromised delegated accounts.” These accounts allow third-party users to post on behalf of the platform, and it is believed that one of these accounts may have been exploited to carry out the attack. This breach follows a trend of recent hacks on crypto platforms, highlighting the vulnerabilities in third-party integrations and the need for enhanced security measures.
The situation surrounding ZKsync’s compromised X accounts serves as a stark reminder of the constant threats facing the crypto industry. As the sector matures, the importance of robust security protocols becomes increasingly evident. For now, the ZKsync team has regained control of their accounts and is working on strengthening their defenses to prevent future attacks.
About the Author
