← Back to archive
Rugpull·ongoing

Fake zksync.jp Token Fraud Reported in Japan

A 2026-06-21 report relayed by The Block from Nikkei alleged that a linked criminal group used a scam token branded “zksync.jp” to deceive crypto users worldwide, with losses reported as over $1 million.

Abstract

On 2026-06-21, The Block published a report, attributed to Nikkei, alleging that a linked criminal group distributed a scam token under the name “zksync.jp” to deceive crypto users worldwide. The reported losses were over $1 million. The event has been classified in the dossier as a rugpull, but the presently available record does not establish the token’s contract-level mechanics, the sequence of on-chain transfers, or the number of affected users. Resolution status also remains unclear: no recovery figure, enforcement outcome, or court process has been documented in the brief. What is established is limited to the existence of the report, the alleged use of the “zksync.jp” name, and the reported loss magnitude; attribution, mechanism, and remediation remain contested or undocumented.

Methodology

This post-mortem relied on the structured brief provided for the incident, including the cited news report from The Block relaying Nikkei’s account, the event timeline, entity annotations, and the comparative analytics block. The standard of verification applied here was conservative. Claims were treated as established only where the brief directly supported them. Allegations reported through media attribution were described conditionally. No independent on-chain reconstruction, court filing review, exchange disclosure, or audit material was available in the brief, so no further factual expansion beyond the supplied record has been made.

On 2026-06-21, The Block published a report, attributed to Nikkei, alleging that a linked criminal group had distributed a scam token under the name “zksync.jp” in order to deceive crypto users worldwide.[3][4] The dossier classified the incident as a rugpull, but the presently documented record was narrow and media-derived rather than grounded in disclosed court filings, issuer statements, or on-chain forensic detail.[5]

The earliest pivotal moment established in the brief was the publication of that report on 2026-06-21.[3] According to the account relayed by The Block from Nikkei, the alleged scheme involved the distribution of a scam token using the name “zksync.jp.”[1] On the present record, that naming element appears to have been central to the alleged deception: the token was described not as an openly branded speculative asset, but as an instrument whose label was allegedly used to mislead users.[1] The brief did not provide the token contract, deployment chain, listing venue, or any contemporaneous project communication that would permit a more granular reconstruction.

The principal mechanism therefore remains only partially described. What has been reported is that a linked criminal group allegedly distributed the token and that the token name was used to deceive crypto users worldwide.[1] That is sufficient to establish the broad allegation of impersonation or misleading branding, but not the operational path by which losses were incurred. As of 2026-06-21, the dossier did not establish whether users acquired the token through a decentralized exchange, a direct transfer campaign, a fraudulent website, or another distribution channel. It also did not establish whether the alleged loss event arose from liquidity withdrawal, sale restrictions, false redemption promises, or another rugpull-adjacent mechanism. The classification as a rugpull is present in the event metadata, but the underlying transaction sequence has not been documented in the supplied record.[5]

The only quantified consequence stated in the source material was that losses were reported as over $1 million.[2] No victim count accompanied that figure in the brief, and no geographic breakdown was provided beyond the dossier’s regional tagging to Japan and the report’s statement that users were deceived worldwide.[1] Because no on-chain data, treasury disclosures, or exchange incident notices were included, the loss figure presently stands as a reported amount rather than a reconstructed balance-sheet total. The brief likewise did not identify whether the losses reflected realized user outflows, mark-to-market collapse in token value, or a mixture of both.

Attribution also remains limited. The report described the actor only as a linked criminal group.[1] The dossier did not identify named individuals, corporate entities, wallet clusters, or enforcement agencies connected to the operation. Although the source title referenced a broader network context, the present brief did not provide documentary material sufficient to establish the structure of that network, its jurisdictional footprint, or its prior activity beyond the allegation itself.[4] In research terms, the event is therefore documented at the level of reported allegation and reported loss, but not yet at the level of verified actor mapping.

No resolution pathway has been documented in the supplied materials. The brief did not provide recovery information, legal proceedings, asset freezes, exchange interventions, or restitution efforts. The timeline contained a single pivotal entry: publication of the report on 2026-06-21 by The Block relaying Nikkei’s account.[3][4] There were no subsequent milestones in the dossier indicating seizure, settlement, prosecution, or voluntary compensation. As a result, the incident presently sits in the archive as a reported fraud event with limited public technical detail and no documented remediation status.

The documented consequences were therefore narrow but material. A media report attributed to Nikkei alleged a scam token operation using the “zksync.jp” name and stated that losses exceeded $1 million.[1][2] The event has been catalogued as a rugpull in the archive metadata.[5] Beyond those points, the current record does not establish victim totals, recovery, civil or criminal case progression, or a verified on-chain loss map.

Discussion

Within CryptoMortem’s comparative dataset, this incident ranked #43 of 49 by severity, placing it in the 14.3th percentile of the archive by reported loss magnitude. Within the same event type, it ranked #3 of 3. That positioning indicates a relatively small event in whole-of-archive dollar terms, but one that still fits a sparsely documented class in the current catalogue. The attack vector label “rugpull” had 2 prior events in the archive, with cumulative $0.00B affected, 0 fully recovered, and 0 with low/no recovery. The event type “rugpull” had 1 other records in the archive, with mean recovery 0.0% and mean resolution 508 days. Those comparison points suggest two things. First, this archive has only a thin sample for direct rugpull comparison, so pattern inference remains constrained. Second, where comparable records do exist, documented recovery has been poor or absent, and resolution has tended to be prolonged rather than immediate. In archive context, the event entered a dataset of 50 total events catalogued, with 20 in the 12 months preceding this incident. That broader context indicates sustained incident flow, but this specific case stands out less for scale than for evidentiary incompleteness: unlike many larger failures, the current record does not yet include contract-level mechanics, wallet tracing, or legal process detail. Its analytical value therefore lies in the recurrence of brand-linked token deception within a rugpull classification, rather than in exceptional loss size.

Comparative analytics

All comparisons computed against the 50-event CryptoMortem archive at time of publication.

  • Severity rank across full archive: #43 of 49 (14.3th percentile).
  • Severity rank within same event type: #3 of 3.
  • Attack vector "Rugpull": 2 prior events in archive, cumulative $3M; 0 fully recovered, 0 with low or no recovery.
  • Event type "Rugpull": 1 other records in archive, mean recovery 0.0%, mean resolution 508 days.
  • Archive context: 50 events catalogued; 20 in the 12 months preceding this incident.

Limitations

The present record is materially incomplete. The dossier does not establish the on-chain mechanism, token contract, or transaction details, so the exact loss path cannot be reconstructed from the supplied materials. It does not identify the perpetrators beyond an unnamed linked criminal group, leaving attribution unresolved. It also does not provide victim counts, recovery information, or legal proceedings, so neither remediation nor enforcement status can be assessed. As of 2026-06-21, the event narrative rests on a report relayed by The Block from Nikkei rather than on disclosed court filings, exchange notices, or independently presented forensic evidence. The classification as a rugpull is therefore archival metadata, while the underlying operational mechanics remain undocumented in the brief.

Timeline

  1. Report on fake zksync.jp token fraud published

    The Block published a report relaying Nikkei's account of a scam token named “zksync.jp” and losses above $1 million.

    source →

Who was involved

Sources

  1. Fentanyl-linked Chinese network tied to crypto fraud from Japan involving fake ‘Zksync.jp’ token: Nikkei, The Block — Report that a linked criminal group allegedly distributed a scam token named zksync.jp and that losses were over $1 million.