An admin wallet for layer-2 blockchain ZKsync was compromised on Tuesday with the hacker taking off with $5 million worth of ZK tokens.

The stolen funds were the «remaining unclaimed tokens from the ZKsync airdrop,» ZKsync wrote on Twitter, before saying that «necessary security measures are being taken.»

The protocol’s ZK token has dropped almost 14% over the past 24 hours. Volume has increased by 96% to $71 million in the same period.

ZKsync said the attack was an isolated incident and that it is confined to the token airdrop contract.

The Department of Justice recently issued new guidance directing prosecutors to scale back their efforts to investigate and litigate cryptocurrency crimes. This subsequently disbands the government’s National Cryptocurrency Enforcement Team (NCET) in an effort to prioritize immigration and procurement issues over cryptocurrency enforcement. While the DOJ frames this as a move to streamline resources, threat actors are watching – and adapting.

While it’s too early to observe its impact on the cryptocurrency world, I believe this move is more than a bureaucratic shuffle – it signals an enforcement vacuum that cybercriminals will rush to fill.

When Regulations Relax, Fraud Follows

Cybercriminals are highly adaptable and thrive in moments of regulatory ambiguity. When criminal enforcement – whether of blue-collar or white-collar crime – becomes limited, threat actors take note and often shift their operations outside the lines of prosecutable conduct. The same is true of the cryptocurrency space.

In the digital economy, especially within the decentralized, unregulated, and fast-moving world of Web3 and crypto, this gray area is fertile ground for impersonation scams, fake airdrops, phishing campaigns, and spoofed tokens.

Even before this policy change, scams involving fake coins, phishing sites, and wallet siphons were already on the rise. According to the FBI’s latest Cryptocurrency Fraud Report, cryptocurrency fraud amounted to $5.6 billion in losses, a 45% increase since 2022.

Now, as the glare of federal scrutiny moves away from the crypto space, individuals, exchanges, and brands otherwise vulnerable to impersonation must prepare for a rise in cryptocurrency fraud. Cybercriminals will continue to exploit platforms and dupe investors, especially in spaces where technical complexity, anonymity, and lack of regulation already hamper detection and enforcement.

Reactions from the Field: Relief or Concern?

The administration’s decision to rethink crypto enforcement has already elicited mixed reactions from legal experts, who echo the sentiment that the move may elicit fraudulent activity.

In a statement to the Washington Post, Vanderbilt University Law Professor Yesha Yadav underscored the importance of the NCET in disrupting criminal activity across the crypto space, noting that the government may find it harder to prosecute the “incredibly nimble, very opportunistic actors in this space.”

Similarly, Kleptocracy Initiative director and anti-corruption expert, Nate Sibley, emphasized that “Dangerous US adversaries rely on cryptocurrencies to launder money and evade sanctions.” 

However, a different tune can be heard within the industry. Advocacy group DeFi Education Fund, which is led by executives from organizations including Coinbase and Kraken, Executive Director and Chief Legal Officer Amanda Tuminelli stated that it was heartened to see that the DOJ announced it is redirecting resources to prosecuting the bad actors who are actually culpable for misuse of technology rather than the builders of our financial future.”

On one side, experts looking from the outside warn that the move may lead to an increase in cybercrime, while those within the industry argue that shifting focus to crimes relating to terrorism and drug cartels is a better use of resources. Only time will tell which side is correct.

Frictionless Fraud: AI Lowers the Bar for Bad Actors

Complicating matters is the increasing use of AI by attackers. With an arsenal of generative AI tools at the fingertips of anyone with an internet connection, fraudsters can now produce scams that go beyond phishing links – they’re full ecosystems of deception: fake social media accounts, copycat token launches, cloned websites, and AI-generated influencers pushing scams.

The result? Digital fraud is not only becoming more prevalent, it’s becoming more believable and harder to detect.

What does this mean for those trying to build a safer crypto ecosystem?

How the Crypto Community Can Respond

As the United States government reprioritizes its criminal focus, the responsibility of protecting investors and brand reputations will fall even more heavily on the private sector. Here’s how blockchain platforms, exchanges, brands, and investors operating in this space can respond:

Audit your brand perimeter: Regularly scan for unauthorized token listings, fake domains, and imposter accounts.

Use threat intelligence tech: AI-powered monitoring can detect spoofed websites and phishing campaigns across Web2 and Web3.

Engage with regulators early: Don’t wait for regulation to hit. Anticipate it, and build compliant, trustworthy systems before it’s too late.

Collaborate across the ecosystem: Whether you’re a small-time investor or an exchange with billions of dollars of assets under management, sharing information across platforms (i.e., between exchanges, social media platforms, and wallet providers) is key to identifying emerging fraud patterns.

The DOJ’s pivot may be strategic. But its ripple effects — especially in a fast-moving space like crypto — are already visible. If you’re building in web3, now’s the time to tighten your defenses. Because for every dollar the government pulls back, bad actors are investing tenfold.

At the heart of every financial system – traditional or decentralized – is trust. And, right now, trust is one of crypto’s biggest vulnerabilities. Widespread impersonation and scams, coupled with limited enforcement, have created a sense of skepticism that keeps the broader public on the sidelines.

If companies operating in the crypto space want digital assets to become mainstream, they must take ownership of building trust from the ground up. That means doubling down on transparency, accountability, and proactive protection. Because until trust becomes the norm, adoption will remain the exception.

Decentralized finance (DeFi) protocol Ethena has agreed to wind down its operations in Germany.

The decision comes three weeks after BaFin, Germany’s finance regulator, identified «serious deficiencies» in Ethena’s USDe token and said that the company was offering securities in Germany without approval.

«We have agreed with BaFin to wind down all activities of Ethena GMBH and will no longer be pursuing the MiCAR authorization in Germany,» Ethena said in a tweet.

It added that all previous users will be onboarded to Ethena BVI, the protocol’s entity in the British Virgin Islands.

Ethena is the yield-generating protocol with $4.9 billion in total value locked (TVL). The USDe token is dubbed a «synthetic dollar» and is backed by bitcoin (BTC), ether (ETH) and other cryptocurrencies.

Ethena’s ENA token is down by 2.88% in the past 24 hours, underperforming against the wider market which is up 1.17%, according to CoinMarketCap.