In a tumultuous twist for the Ethereum community, the official X accounts of ZKsync and its developer, Matter Labs, found themselves in a perilous situation on May 13, 2025. Hackers infiltrated the accounts, disseminating false claims of a U.S. Securities and Exchange Commission (SEC) investigation—a move that seemed designed to rattle the market and send the ZKsync token into a nosedive.
A Calculated Deception?
The cyber intruders posted a bogus statement that suggested ZKsync was under scrutiny by the SEC and potentially facing sanctions from the U.S. Treasury Department. While the claims were swiftly debunked by Matter Labs’ communications head, Lynnette Nolan, the damage was palpable. “The post is not legit,” Nolan told Cointelegraph, emphasizing that control of the accounts had been restored. Despite this assurance, the market reacted with predictable skittishness, causing the ZKsync token to dip by about 2% in a matter of hours, according to CoinGecko data. For a deeper dive into the regulatory implications, see our coverage of the SEC’s latest guidance.
Market Ripples and Reactions
The incident has sparked a flurry of reactions from the crypto community. Harrison Leggio, co-founder of the crypto startup G8keep, took to X to express his incredulity. “Shoutout to the ZKsync hackers. Instead of dropping a token and stealing a few bucks, they decided to scare the living shit out of onchain degens,” he quipped, capturing the mix of frustration and dark humor that often colors the crypto landscape.
It’s worth noting that the SEC has a history of investigating crypto firms, although many probes were halted during the Trump administration. Past investigations have targeted well-known platforms like Crypto.com and RobinHood Crypto, creating a climate where such news can cause significant market tremors. This follows ongoing discussions about the nature of crypto assets, as explored in our recent coverage of staking and its classification.
A History of Vulnerabilities
This isn’t the first time ZKsync’s platforms have faced security challenges. Just last month, on April 15, an attacker exploited the admin account of ZKsync’s airdrop distribution contract. The breach allowed the hacker to mint 111 million unclaimed ZK tokens, valued at approximately $5 million at the time. Interestingly, the attacker subsequently returned 90% of the tokens, opting to retain 10% as a so-called “bounty.”
Matter Labs is now delving deep into the mechanics of the latest breach. Preliminary findings suggest that “compromised delegated accounts” might be the culprit—these accounts grant limited access, enabling users to post on behalf of the main account. This vulnerability highlights the ongoing security challenges faced by platforms operating in the fast-paced world of cryptocurrency.
Looking Ahead
As the dust settles from this latest security scare, the incident raises critical questions about the resilience of crypto platforms against sophisticated cyber threats. With the ZKsync token experiencing a 6.4% decline over the past day, trading at about 7 cents, investors are left pondering the token’s future trajectory, especially after a recent 38.5% rally.
The broader implications of such breaches extend beyond immediate market reactions. They underscore the urgent need for enhanced security measures and more robust systems to safeguard against similar incidents. As Matter Labs continues its investigation, the crypto community awaits further updates, keen to understand how these vulnerabilities will be addressed.
In the ever-evolving crypto landscape, where innovation often outpaces regulation, maintaining trust through security integrity remains paramount. The ZKsync incident serves as a stark reminder of the challenges that lie on the road ahead.
Source
This article is based on: ZKsync X hacker posts false SEC probe in apparent effort to crash token
Further Reading
Deepen your understanding with these related articles:
- The SEC Can Learn From the IRS in Making Regulation Simpler for Crypto
- SEC Ditches PayPal’s PYUSD Probe, Removing Key Regulatory Hurdle for Its Stablecoin
- Movement Labs Suspends Rushi Manche Amid Coinbase Delisting, Token-Dumping Scandal
Steve Gregory is a lawyer in the United States who specializes in licensing for cryptocurrency companies and products. Steve began his career as an attorney in 2015 but made the switch to working in cryptocurrency full time shortly after joining the original team at Gemini Trust Company, an early cryptocurrency exchange based in New York City. Steve then joined CEX.io and was able to launch their regulated US-based cryptocurrency. Steve then went on to become the CEO at currency.com when he ran for four years and was able to lead currency.com to being fully acquired in 2025.
