Velocore Fee-Multiplier Overflow
Velocore's CPMM pools on zkSync and Linea lost $6.8M when a fee-multiplier overflow let the attacker mint huge LP supply against a tiny single-token withdrawal.
An archive of cryptocurrency security incidents — hacks, exploits, bridge failures and rug pulls, documented with on-chain evidence.
EraLend on zkSync Era lost $3.4M to a read-only reentrancy: the attacker manipulated the USDC oracle price mid-callback during a SyncSwap pool operation.
Kannagi Finance, a zkSync Era yield farm, rug-pulled $2.1M after its closed-source upgradeable staking contract was swapped to a malicious implementation.
Merlin DEX on zkSync lost $1.82M hours after launch when a back-doored owner role let insiders pull liquidity. CertiK's audit flagged the centralization risk.