ZKsync and Matter Labs X Accounts Hacked in Phishing Scam

Highlights:

• ZKsync and Matter Labs’ X accounts were hacked today to spread phishing links and false claims of investigations.
• The breach follows a similar attack in April involving the minting of 111 million ZK tokens.
• Despite the hack, the ZK token price dipped only slightly while user trust could be at risk.

Earlier today, hackers took control of the X (formerly Twitter) accounts of ZKsync and Matter Labs, the main developer behind the Ethereum layer-2 protocol ZKsync. The hackers used the breach to spread phishing links. These links claimed users could receive a token airdrop but instead led to a fake website. The attackers also posted false statements about ZKsync facing investigations and possible sanctions from United States authorities.

After a short time, ZKsync confirmed both accounts had been compromised by hackers, and it warned its users not to click on any links that the hackers may share. Matter Labs also confirmed that the statement issued by the hackers was false. The company’s communications head, Lynnette Nolan, confirmed the team had regained full control.

⚠️ Warning: Both @zksync and @the_matter_labs accounts have been compromised.

Do not interact with that account or click any links.

Wait for the @zkSyncDevs account to verify when the account has been reclaimed.

We will quote tweet this tweet when @zksync and @the_matter_labs…

— ZKsync Developers (∎, ∆) (@zkSyncDevs) May 13, 2025

The hackers used the false messages to create panic and confusion. They claimed ZKsync was under threat from both the SEC and the Treasury Department of the United States. These statements aimed to shake user confidence and possibly cause a drop in the token’s price.

Crypto startup co-founder Harrison Leggio commented on the event and said that the hackers wanted to scare users instead of stealing money directly. The hacked posts told followers they could claim part of a token supply. The message included a suspicious link that could trick users into sharing private information.

Shoutout to the zksync hackers.

Instead of dropping a token and stealing a few bucks they decided to scare the living shit out of onchain degens. pic.twitter.com/ltbwd37WMp

— Pop Punk (@PopPunkOnChain) May 13, 2025

The post remained live for about 15 minutes before it was removed. Around 01:30 UTC, ZKsync posted that the team had restored access to the account. ZKsync has about 1.5 million followers on X, which makes it a high-value target. The number of users who clicked the link remains unknown. ZKsync has not shared how many users were affected or lost funds.

ZKsync Faces Ongoing Security Challenges After April Attack

The attack today is not the first on the ZKsync platform. Its airdrop distribution contract was targeted by attackers on April 15. The hacker exploited privileges on login from an admin account to mint 111 million unclaimed ZK tokens, worth around $5 million back then.

Later, the attacker returned 90% of the tokens and kept 10% as a bounty. Matter Labs now believes the most recent breach came through compromised delegated accounts. These accounts allow limited access to posts from the main profile.

The repeated incidents raise concern about the platform’s public security. Since the ZK token launch, attackers have focused on its growing user base. In particular, large follower counts make crypto platforms attractive targets for social media scams. ZKsync has not yet explained how it plans to prevent future attacks.

ZK Token Price Drops Slightly Amid Account Breach

After the fake messages went live, the ZK token price dropped by 6.16% within the past day. The coin is currently trading at $0.07289, with a market value of $267.9 million. The decline followed a strong rally of nearly 39.2% over the past week. In addition, the coin has gained 32.33% in the past month.

So far, the platform has not confirmed any direct financial losses from the phishing scam. However, repeated incidents may impact user confidence going forward.