The latest ecosystem update shows that the decentralized finance (DeFi) space has suffered a major exploit. Per the update, zkSync, a notable Ethereum Layer 2 project, experienced a breach involving one of its admin accounts.
The breach has renewed concerns about how secure blockchain platforms really are, especially given the rising number of hacks in recent months.
All About the Ethereum Layer 2 zkSync Exploit
On April 15, 2025, zkSync confirmed that a hacker had accessed one of its administrative keys.
According to the X post, this allowed the attacker to take control of about $5 million worth of ZK tokens.
Further investigation showed that the admin account connected to three airdrop distribution contracts had been hacked.
Per the update, after gaining control of the account, the hacker used a function known as sweepUnclaimed to mint roughly 111 million unclaimed ZK tokens.

This action increased the number of tokens in circulation by about 0.45%.
According to zkSync's statement, the hacker only accessed the airdrop contract and did not affect user wallets, the main zkSync protocol, or the token contract.
While this brought some relief, the breach still had serious consequences. Following the exploit, the price of the ZK token fell.
Data from CoinMarketCap shows that the token was trading at $0.04682 as of this report, reflecting a 7% drop in the last 24 hours.
Since the announcement on X, crypto community members have expressed frustration over the situation.
For example, a user named John Dawg expressed his frustration by questioning why the team delayed the announcement of the hack.
Another user described the incident as a ZK scam, while another criticized the team for leaving the tokens unused for too long.
Still others questioned why a contract containing such a large amount was still linked to a single admin key.
The zkSync team said that further updates would be provided later in the day as they continued looking into the incident.
They also mentioned that new security measures were being applied immediately to prevent further damage.
Other recent incidents in the industry: KiloEx and Phantom Wallet
While the Ethereum Layer 2 project zkSync faced its troubles, other platforms also faced serious issues.
On the same day, KiloEx, a relatively new DeFi trading platform, was hacked.
According to the X post, the attacker used the platform to target the BNB, Base, and Taiko chains, draining $7 million.

The platform had to pause all trading activities, and the value of its token, KILO, dropped by 30%. This wiped out $3.5 million from its market cap.
KiloEx has launched a bug bounty to work with white-hat hackers to trace the stolen funds.
Separately, on April 14, Phantom Wallet, a known player in the crypto wallet space, was sued by a developer. The dev lost $500,000 worth of Wiener Doge tokens.
Reports said a cybercriminal bypassed the wallet’s multi-factor authentication through a flaw and accessed the developer’s private key.
Can the industry be free from scams?
The successive incidents at the Ethereum Layer 2 project zkSync, KiloEx, and Phantom Wallet point to a larger problem in the crypto space.
Experts have raised concerns about loopholes in smart contracts and weak admin security. This follows the Bybit hack in February, the biggest in recent times.
Issues like brute-force attacks and bugs in systems continue to be exploited.
Regulators like the DFPI have warned about common scams such as phishing and rug pulls. They recently issued a formal rulemaking for digital financial asset regulation.
While stronger security and better user education can help reduce losses, many wonder if full protection is even possible in a rapidly changing environment.