ZetaChain, a Layer 1 network, reported a security breach on April 24, where attackers exploited vulnerabilities in its cross-chain messaging system to steal $333,868, primarily in USDC and USDT. The attack involved nine transactions across Ethereum, Arbitrum, Base, and BSC chains, targeting three internal team wallets without affecting user funds. The attackers leveraged three key vulnerabilities: insufficient arbitrary call restrictions, the GatewayEVM contract's acceptance of most commands including transferFrom, and users' unlimited token approvals via GatewayEVM.deposit() that were not revoked. ZetaChain emphasized that the attack was premeditated, with significant preparation by the perpetrators. In response, ZetaChain has deployed patches on its mainnet and paused cross-chain transactions pending further upgrades and reviews. Users who interacted with ZetaChain's gateway contracts are advised to revoke related ERC-20 approvals.