A recent phishing attack on ZKsync and Matter Labs’ accounts has raised alarms in the crypto community. Hackers spread false claims about SEC investigations.
Details of the Attack
On May 13, the official X accounts of ZKsync and Matter Labs were compromised in a phishing attack. The attackers used the hijacked accounts to publish fake statements suggesting ZKsync was under scrutiny by the U.S. Securities and Exchange Commission (SEC) and facing possible sanctions from the Treasury Department.
Reaction and Consequences
The fraudulent posts included links to a bogus airdrop, luring users into a phishing trap. Shortly after, a ZKsync-affiliated account confirmed the breach and warned followers not to engage with the malicious content. Lynnette Nolan, head of communications at Matter Labs, clarified that the posts were fake and that both accounts are now fully back under the control of the team.
ZKsync's Security History
This marks the second major security incident tied to ZKsync in recent weeks. On April 15, an attacker exploited admin privileges of the project’s airdrop distribution contract to mint 111 million unclaimed ZK tokens, valued at roughly $5 million. The attacker eventually returned 90% of the stolen tokens, keeping the remaining 10% as a bounty.
The hack of ZKsync and Matter Labs’ accounts highlights the importance of security in the crypto space. Users are strongly advised to exercise caution and verify information sources.
