On May 13, ZKsync and Matter Labs were victims of a phishing attack that compromised their X accounts, allowing attackers to post false messages.
Overview of the Attack
The attackers posted fake news about an SEC investigation and possible sanctions from the Treasury Department, causing a 5% drop in the price of the ZK token after a significant rise of 38.5% the previous days.
Method of Attack
According to Matter Labs, the unauthorized access likely occurred through delegated accounts used to post on behalf of the main accounts but with limited permissions. After detecting the breach, the company disconnected those accounts and removed the fraudulent posts. An internal investigation is currently underway.
Impact on ZKsync's Reputation
This incident exacerbates the situation for ZKsync, which had already suffered another attack on April 15. A hacker exploited a flaw in the airdrop distribution contract, minting 111 million unclaimed tokens worth around $5 million. This raises concerns regarding ZKsync's security protocols.
The series of incidents in a short period undermines ZKsync's reputation and raises questions about the reliability of its security protocols, despite users' funds not being directly compromised.
