ZetaChain, a Layer 1 network, reported a security breach on April 24, where attackers exploited vulnerabilities in its cross-chain messaging system to steal $333,868, primarily in USDC and USDT. The attack involved nine transactions across Ethereum, Arbitrum, Base, and BSC chains, targeting three internal team wallets without affecting user funds.
The attackers leveraged three key vulnerabilities: insufficient arbitrary call restrictions, the GatewayEVM contract's acceptance of most commands including transferFrom, and users' unlimited token approvals via GatewayEVM.deposit() that were not revoked. ZetaChain emphasized that the attack was premeditated, with significant preparation by the perpetrators. In response, ZetaChain has deployed patches on its mainnet and paused cross-chain transactions pending further upgrades and reviews. Users who interacted with ZetaChain's gateway contracts are advised to revoke related ERC-20 approvals.
ZetaChain Suffers $333,868 Exploit via Cross-Chain Messaging Vulnerability
Aviso Legal: O conteúdo disponibilizado no Phemex News é apenas para fins informativos. Não garantimos a qualidade, precisão ou integridade das informações provenientes de artigos de terceiros. Este conteúdo não constitui aconselhamento financeiro ou de investimento. Recomendamos fortemente que você realize suas próprias pesquisas e consulte um consultor financeiro qualificado antes de tomar decisões de investimento.