TL;DR
- ZKsync and Matter Labs were victims of a phishing attack on May 13 that compromised their X accounts, which the attackers used to spread false alerts.
- The attackers posted fake news about an SEC investigation and possible sanctions from the Treasury Department, followed by a fake airdrop.
- ZKsync had already suffered an attack on April 15, when a hacker exploited a vulnerability in the airdrop distribution contract.
ZKsync and Matter Labs experienced another security breach after their official X accounts were hacked on May 13. The attackers took control of both profiles to spread false regulatory alerts and phishing links. The attack combined market manipulation tactics with direct fraud attempts, immediately impacting the price of their native token, ZK.
The messages posted claimed that the platform was under investigation by the SEC and that the Treasury Department was preparing sanctions. Although the news was false, it caused a nearly 5% drop in the token’s value, which had seen a strong 38.5% rise in the previous days. Shortly after, the hackers spread a fake airdrop with malicious links intended to empty the wallets of unsuspecting users.
How the Attack Was Carried Out
According to Matter Labs, the unauthorized access likely occurred through delegated accounts, which are used to post on behalf of the main accounts but have limited permissions. After detecting the breach, the company disconnected those accounts and removed the fraudulent posts. An internal investigation is currently underway to determine how the incident occurred.
ZKsync’s Reputation Is Hanging by a Thread
This incident worsens the situation for ZKsync, which had already suffered another attack less than a month earlier. On April 15, a hacker exploited a flaw in the airdrop distribution contract and managed to mint 111 million unclaimed tokens, worth about $5 million. On that occasion, an informal agreement was reached for the attacker to return 90% of the assets, keeping the rest as a bounty.
The series of incidents in such a short period raises doubts about ZKsync’s security protocols. Although users’ funds were not directly compromised in either case, the consequences for reputation and trust are evident. In the first quarter of 2025 alone, losses from hacks in the crypto ecosystem approached $2 billion, nearly matching the total losses of 2024.