ZetaChain, a Layer 1 network, reported a security breach on April 24, where attackers exploited vulnerabilities in its cross-chain messaging system to steal $333,868, primarily in USDC and USDT. The attack involved nine transactions across Ethereum, Arbitrum, Base, and BSC chains, targeting three internal team wallets without affecting user funds.
The attackers leveraged three key vulnerabilities: insufficient arbitrary call restrictions, the GatewayEVM contract's acceptance of most commands including transferFrom, and users' unlimited token approvals via GatewayEVM.deposit() that were not revoked. ZetaChain emphasized that the attack was premeditated, with significant preparation by the perpetrators. In response, ZetaChain has deployed patches on its mainnet and paused cross-chain transactions pending further upgrades and reviews. Users who interacted with ZetaChain's gateway contracts are advised to revoke related ERC-20 approvals.
ZetaChain Suffers $333,868 Exploit via Cross-Chain Messaging Vulnerability
Disclaimer: The content provided on Phemex News is for informational purposes only. We do not guarantee the quality, accuracy, or completeness of the information sourced from third-party articles. The content on this page does not constitute financial or investment advice. We strongly encourage you to conduct you own research and consult with a qualified financial advisor before making any investment decisions.