Hacked ZKsync Account Used to Peddle Sham Airdrop
Hacked Twitter Accounts Push Phony ZK Token Airdrop
In a brief takeover, the official X accounts of ZKsync and Matter Labs were exploited to peddle a bogus ZK token airdrop announcement. The deceptive post declared that every follower could snag a piece of the initial token allocation via a shady link.
Lasting for around 15 minutes before being removed, the post raised concerns as ZKsync, boasting a broad fanbase, served as an attractive platform for hackers. With the platform's substantial user base, the probability of some followers being enticed by the malicious link increased significantly. As of now, ZKsync has yet to reveal the extent of monetary losses sustained by users who engaged with the tweet.
Recovering from the Hacked Accounts
Approximately 01:30 UTC, ZKsync announced that they had wrested control back over their X account. The official statement read, "The ZKsync and Matter Labs X accounts are now under our team's control once more. We're currently investigating how the accounts were compromised, suspecting that it was through infiltrated delegated accounts. All delegated accounts and connected apps have been disconnected, and we've purged any posts from the hacker."
Cybersecurity experts advise users to remain vigilant and avoid interacting with unverified links regarding token distributions in light of this incident.
In April 2025, an unfortunate hack targeting one of ZKsync's admin accounts resulted in $5 million worth of ZK tokens being pilfered, causing the token's value to plummet by about 15%.
Crypto Projects and Social Media Breaches
Social media platforms have emerged as a focal point for cyberattacks, with a substantial share of these assaults aimed at digital currency projects. Although detailed data on social media breaches specifically targeting significant crypto projects is not widely available, the cybersecurity landscape suggests a steadily increasing occurrence of phishing and social engineering attacks, common tactics for these intrusions[3].
Protective Measures for Avoiding Unverified Links
To safeguard yourself from clicking untrustworthy links connected to token distributions, follow these recommendations:
- Authenticate Official Channels
- Always authenticate the legitimacy of links by cross-referencing them with the official social media profiles of the project. Verify announcements on the project's official website or via credible news sources.
- Secure Connections
- Ensure that any link you click leads to a secure connection (HTTPS). Most web browsers exhibit a lock icon in the address bar to signify a secure or insecure site.
- Wary of Unsolicited Messages
- Remain cautious of messages from anyone posing as a crypto project representative. These could be phishing attempts.
- Two-Factor Authentication (2FA)
- Activate 2FA for all crypto-related accounts. This additional security layer impedes unauthorized access.
- Self-Education
- Stay informed about common phishing methods and cultivate a healthy dose of skepticism when encountering unsolicited offers or messages.
- Anti-Virus Software
- Install and consistently update anti-virus software to shield yourself from malware transmitted through links.
- Avoid Links from Unknown Sources
- If unsure of the authenticity of a link, do not click on it. Instead, manually type the URL of the official website into your browser.
By implementing these strategies, you can better shield yourself from social media breaches and phishing attacks related to crypto projects.
Disclaimer
We, BeInCrypto, are dedicated to impartial, transparent reporting, aiming to deliver accurate and timely information. However, we encourage users to independently verify facts and seek professional guidance prior to making any decisions based on this content. Please take note of our updated Terms and Conditions, Privacy Policy, and Disclaimers. In line with Trust Project guidelines, we adhere to principles of transparency and unbiasedness.
Crypto enthusiasts should be mindful of the cybersecurity risks posed by unverified links, especially those related to token distributions, as demonstrated by the recent hack of ZKsync's Twitter accounts. In light of this incident, it is advisable to authenticate official channels, secure connections, remain cautious of unsolicited messages, activate two-factor authentication, stay informed about common phishing methods, install anti-virus software, and avoid links from unknown sources to safeguard oneself from social media breaches and phishing attacks related to crypto projects.
