Slow Fog Reports ZetaChain Exploited in Attack
Slow Fog reports that ZetaChain was exploited in an attack, with the vulnerability stemming from the lack of access control and input validation in the GatewayZEVM contract's call function.
The attacker spoofed cross-chain events so that the relayer executed malicious calls, allowing arbitrary operations and fund transfers on the target chain. The related attack transactions have been disclosed, and ZetaChain has suspended cross-chain transactions.
Market behavior indicates that the cross-chain bridge vulnerability triggered short-term panic selling, with funds moving out of ZetaChain-related liquidity and holdings into safer assets. The attacker realized profits through the malicious calls, while the ZetaChain protocol and cross-chain users faced short-term pressure; the incident also increases the appeal of compliant cross-chain projects.
Source: Public Information
ABAB AI Insight
ZetaChain's 2023 Code4rena audit had already exposed multiple high-risk issues related to cross-chain messaging and the Gateway, including ignored zEVM message fields and observer nodes being able to pause outbound transactions. The GatewayZEVM call function vulnerability is a continuation of similar authorization verification design flaws.
In terms of capital pathways, ZetaChain concentrated engineering resources on a unified Gateway entry point to simplify EVM cross-chain interactions but did not adequately lock down external call permissions; the incident affected approximately $300,000 in internal team wallets. The project team quickly blocked the attack vector and paused functionality, redirecting resources to emergency patches and post-incident audits. Strategically, it aims to maintain its Omnichain positioning, while the incident exposes risks in the relayer trust assumptions.
Similar cases include multiple LayerZero DVN and cross-chain bridge fund extractions in 2024-2025 caused by verification logic flaws, as well as KelpDAO's cross-chain configuration attack earlier this month. Currently, ZetaChain is in the mainnet cross-chain suspension and repair phase, transitioning from rapid expansion to security reinforcement.
Essentially, this represents a technological substitution: malicious calls bypassed the traditional cross-chain relay mechanism. In pursuing simplification through a unified Gateway, the design neglected input integrity checks, which temporarily shifted pricing power from protocol security to the attacker and is forcing the entire Omnichain sector to accelerate its shift towards stricter access control and zero-trust architecture.