Gate News message, April 29 — ZetaChain released a post-mortem report confirming that the April 24 attack exploited vulnerabilities in its cross-chain messaging pipeline. The incident resulted in a total loss of $333,868 (primarily USDC and USDT) across nine transactions on Ethereum, Arbitrum, Base, and BSC. The attack affected only three internal team wallets, with no user funds impacted.
The attack leveraged three interconnected vulnerabilities: the cross-chain system permitted “arbitrary calls” with minimal restrictions; the GatewayEVM contract on the receiving end accepted most commands, including “transferFrom”; and users who had deposited tokens via “GatewayEVM.deposit()” had granted unlimited, unrevoked approvals that the attacker exploited to extract tokens from wallets.
ZetaChain noted the attacker was not opportunistic but had invested significant time and resources in preparation, including funding a wallet via Tornado Cash three days before the attack and conducting brute-force attacks to impersonate victim addresses. The protocol has deployed patches, and cross-chain transaction functionality will remain disabled until upgrades and audits are completed.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Fluid Completes $19.3M Loss Distribution from Resolv Breach, Confirms User Funds Safe
According to ChainCatcher, on March 22, Resolv's signing infrastructure was compromised, leading to the malicious issuance of approximately 80 million dollars in unsecured USR tokens. Fluid faced a 21 million dollar loss from its 100 million dollar exposure.
The loss distribution was finalized as f
GateNews1m ago
Stream Finance Seeks to Liquidate Assets Following $93M Loss Last November
According to Stream Finance's official statement on X, the trading protocol is seeking methods to maximize asset value for customers and creditors, with the goal of consolidating, liquidating, and distributing assets swiftly and prudently. The team is considering several strategic alternatives
GateNews1h ago
Roaring Kitty's X Account Compromised; Red Kitten Crew Token Surges to $12M, Crashes to $1.8M
According to BlockBeats, Roaring Kitty's X account was compromised early on May 12, posting a contract for Meme coin Red Kitten Crew (RKC). The token surged to $12 million in market capitalization before collapsing to $1.8 million. Roaring Kitty subsequently regained control of the account and
GateNews1h ago
Binance AI Security Systems Prevented $10.5B in Crypto Scam Losses
Binance claims its AI security systems collectively helped save millions of users $10.53 billion in potential losses from scams between Q1 2025 and Q2 2025, according to a blog post published Monday. The world's largest crypto exchange has rolled out approximately two dozen AI-powered security
CryptoFrontier4h ago
India Issues Trust Wallet Drainer Advisory as New Scam Domain Hits BNB Users on May 3
According to India's Ministry of Home Affairs, the national cybercrime body issued a formal advisory on April 20 naming three counterfeit "Verify Crypto Assets on BNB Chain" sites targeting Trust Wallet users. A new drainer domain, buepux.com, joined the list on May 3 and is already blocked by
GateNews6h ago
