ZKsync’s Twitter Storm: Hackers Hijack Accounts to Push Phony SEC Alerts and Scam Airdrops
Another day, another crypto security circus—this time with hackers turning ZKsync’s official X accounts into their personal phishing megaphone. The attackers blasted fake SEC warnings and malicious airdrop links, because nothing says ’trust us’ like impersonating regulators while draining wallets.
How it went down
: The compromised accounts pushed urgent-looking SEC compliance alerts, complete with too-good-to-be-true token claims. Classic fear-and-greed playbook—just add blockchain.
The irony
: A platform built on zero-knowledge proofs got zero-knowledge of the breach until users screamed. Meanwhile, the ’real’ SEC is probably drafting another 200-page report on why crypto can’t behave.
Stay paranoid out there—the only free lunch in DeFi is the one hackers are serving you.
Update from the official ZKsync account at press time | Source: ZKsync on X
Notably, the breach likely occurred through compromised delegated accounts, which have since been disconnected. ZKsync noted that all malicious tweets have been deleted, and an internal investigation is underway.
The ZKsync and Matter Labs X accounts are fully back in the control of the team. We’re looking into how the accounts were hacked, and believe it was through compromised delegated accounts.
All delegated accounts and connected apps have been disconnected, and we’ve deleted any…
However, a follow-up post from a ZKsync-affiliated developer account later warned that the accounts were still compromised, urging users not to interact. This has raised fresh concerns about whether full recovery was actually achieved at the time of the initial statement.
The attackers initially used the hacked accounts to stir panic. In one now-deleted post, they falsely claimed ZKsync was under investigation by the U.S. Securities and Exchange Commission and warned of possible sanctions from the Treasury Department.
Market commentators like g8keep co-founder Harrison Leggio suggested the MOVE was a deliberate attempt to crash ZKsync’s token price.
“Instead of dropping a token and stealing a few bucks they decided to scare the living shit out of onchain degens,” he wrote in an X post following the attack.
Shortly after, the hackers published a second post promoting a fake ZK token airdrop, which included a phishing LINK designed to drain users’ wallets. The post was live for a few minutes before the team managed to take it down.
🚨 @zksync was compromised and posted phishing tweets. Stay alert! ⚠️ pic.twitter.com/TikMR78Py2
— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) May 13, 2025While it’s still unclear how many users may have clicked the link, ZKsync has yet to confirm whether any losses were reported.
At the time of writing, ZK token was down over 5%, trading around $0.07, according to CoinGecko. The drop followed a dip of roughly 2% right after the fake SEC warning went live.
For ZKsync, the attack comes less than a month after another major security lapse. On April 15, an attacker exploited admin access to the platform’s airdrop distribution contract and minted 111 million unclaimed ZK tokens, worth approximately $5 million at the time.
The attacker later returned 90% of the stolen tokens, keeping the remaining 10% as a self-declared bounty. That exploit occurred during the ongoing distribution of 17.5% of ZK’s total token supply to ecosystem participants.
Although most of the funds were returned, the back-to-back breaches have raised questions about the platform’s internal security processes.
