The ZetaChain vulnerability was reported in advance by white hats but was ignored, ultimately leading to a $334,000 attack incident
By: rootdata|2026/04/30 04:45:03
0
Share
The cross-chain protocol ZetaChain disclosed that the security issues involved in its recent approximately $334,000 vulnerability attack event had been reported in advance by researchers in the bug bounty program but were deemed "expected behavior" by the project team at that time and were not addressed.
According to the official incident review, this attack originated from a combination of three design flaws that initially seemed independent and low-risk: the Gateway contract allowed anyone to send any cross-chain instructions; the receiving end could execute calls on almost any contract, and the blacklist restrictions were too narrow; some wallets retained unlimited approval for an extended period without being cleared. The attacker ultimately combined these flaws to instruct the Gateway to transfer tokens directly to their controlled address, thereby completing the asset transfer.
ZetaChain stated that this attack involved 9 transactions across four chains: Ethereum, Arbitrum, Base, and BSC, with the stolen funds all coming from wallets controlled by ZetaChain, and user funds were not affected. The official noted that the attack showed clear premeditation. The attacker funded their wallet through Tornado Cash three days before the attack and deployed a dedicated Drainer contract in advance, while also implementing an address poisoning attack. Currently, ZetaChain has begun pushing repair patches to the mainnet nodes, permanently disabling the arbitrary call function and changing the unlimited approval mechanism in the deposit process to "precise amount authorization."
You may also like
Why have foreign exchange stablecoins never taken off?
Rather than issuing a local currency stablecoin from scratch, it is better to build a layer of foreign currency pricing on top of a USD stablecoin, allowing users to enjoy the liquidity of the dollar while keeping accounts in local currency.
AIDC, computing power leasing, and cloud: The "three-part thesis" of AI transformation in cryptocurrency mining farms
The "AI transformation" of cryptocurrency mining farms is not just a slogan; it is unfolding in three recognizable stages.
Futu has had all its illegal gains confiscated, reminding cryptocurrency exchanges
Even if foreign financial institutions obtain licenses abroad, as long as you are effectively providing financial services to residents in mainland China, Chinese regulatory authorities may evaluate your actions according to Chinese law.
Football, Web3 & Champions' Energy: A Recap of WEEX's LALIGA VIP Meetup in Barcelona
Relive WEEX's exclusive LALIGA VIP Meetup in Barcelona with football legend Fernando Morientes. From a fireside chat and on-site WEEX x LALIGA signing to partner awards and a live LALIGA match broadcast, discover how WEEX connected football culture, Web3, and community.
Pizza, Poker & AI Trading: A Recap of WEEX Crypto Pizza Day in Dubai
Relive WEEX Crypto Pizza Day in Dubai, where the MENA crypto community gathered at WEEX Dubai Studio to celebrate Bitcoin Pizza Day with pizza, poker, networking, and a live AI trading competition. Discover how WEEX turned a historic crypto milestone into a hands-on AI trading experience.
IOSG Founder: Please tell Vitalik the truth, let the OGs who have enjoyed the industry's dividends enlighten the young people
The wage earners freeze to death on the road, the sellers of goods die of thirst on the way. The weavers of brocade wear coarse cloth, and the grain growers do not have enough to eat.
Morning Report | SpaceX reveals it holds approximately $1.45 billion in Bitcoin; Nvidia's Q1 financial report shows revenue of $81.6 billion; Manus plans to raise $1 billion for buyback business
Overview of Important Market Events on May 21
Insiders: DeepSeek is forming a Harness team to compete with Claude Code
DeepSeek Code is coming.
SpaceX officially submitted its prospectus, unveiling the largest IPO in history
SpaceX's public market debut could take place as early as June, making it the first in a series of giant IPOs from AI companies, with OpenAI and Anthropic also waiting for the right moment.
The financial changes under the new SEC regulations: Opportunities and regulatory red lines behind "tokenized stocks"
In-depth analysis of "tokenized stocks": The SEC's advancement of an innovation exemption framework has sparked heated discussions, revealing the real risks behind third-party "synthetic asset" certificates and 24/7 trading.
Blockchain Capital Partner: The structure of on-chain dual-layer capital is still in the early stages of value discovery
How can the on-chain economy build a capital structure that promotes open innovation while also considering institutional scale?
Secured over $60 million in funding from Dragonfly, Sequoia, and others, learn about the on-chain derivatives protocol Variational | CryptoSeed
What is the difference with Hyperliquid?
I tested with $10,000: zero wear and tear, annualized 8%, and can earn points (with complete tutorial + screenshots)
Perps DEX newcomer StandX launches native stablecoin DUSD, achieving a real APY of 8.46% with its innovative three-tier yield mechanism, breaking the 3% traditional stablecoin interest rate ceiling.
Eight departments take strong measures to regulate cross-border brokers, what do you think?
This regulatory action, known as the "Final Battle for the Rectification of Cross-Border Brokers," will completely end the gray era of unlicensed operations by foreign brokers in the domestic market and reshape the entire market landscape for cross-border investment by mainland residents.
Cheers, Charts & AI: A Recap of WEEX Labs' Openguin Party Energy at ETHMilan 26
Looking for the most exciting web3 events in Europe? Relive the Openguin Party at ETHMilan 2026 — co-hosted by WEEX Labs, Pudgy Penguins and Berachain . This rooftop Pudgy Penguins Event brought together Pudgy Penguins Crypto fans, AI traders, and industry leaders for a 20-minute live AI trading competition under the Milan sky. Discover how WEEX is redefining AI-powered trading.
Morning Report | Deloitte acquires crypto infrastructure company Blocknative; stablecoin company Checker completes $8 million financing; a16z may have become the largest external institutional holder of HYPE
Overview of Important Market Events on May 20
Interpretation of xBubble SOP: Packaging Vibe Coding for non-technical users
DAPPOS has launched the low-threshold AI application xBubble, which innovatively automates the packaging of complex large model workflows with an SOP system, allowing users with no technical background to complete professional-level AI tasks with just one sentence.
From Followers to Price Setters: The Role of the Crypto Market is Reversing
The encryption platform successfully achieved precise pre-listing pricing on CBRS, indicating that Crypto is gradually transforming from a follower of traditional finance into a new pricing hub for global assets through innovative mechanisms.
Why have foreign exchange stablecoins never taken off?
Rather than issuing a local currency stablecoin from scratch, it is better to build a layer of foreign currency pricing on top of a USD stablecoin, allowing users to enjoy the liquidity of the dollar while keeping accounts in local currency.
AIDC, computing power leasing, and cloud: The "three-part thesis" of AI transformation in cryptocurrency mining farms
The "AI transformation" of cryptocurrency mining farms is not just a slogan; it is unfolding in three recognizable stages.
Futu has had all its illegal gains confiscated, reminding cryptocurrency exchanges
Even if foreign financial institutions obtain licenses abroad, as long as you are effectively providing financial services to residents in mainland China, Chinese regulatory authorities may evaluate your actions according to Chinese law.
Football, Web3 & Champions' Energy: A Recap of WEEX's LALIGA VIP Meetup in Barcelona
Relive WEEX's exclusive LALIGA VIP Meetup in Barcelona with football legend Fernando Morientes. From a fireside chat and on-site WEEX x LALIGA signing to partner awards and a live LALIGA match broadcast, discover how WEEX connected football culture, Web3, and community.
Pizza, Poker & AI Trading: A Recap of WEEX Crypto Pizza Day in Dubai
Relive WEEX Crypto Pizza Day in Dubai, where the MENA crypto community gathered at WEEX Dubai Studio to celebrate Bitcoin Pizza Day with pizza, poker, networking, and a live AI trading competition. Discover how WEEX turned a historic crypto milestone into a hands-on AI trading experience.
IOSG Founder: Please tell Vitalik the truth, let the OGs who have enjoyed the industry's dividends enlighten the young people
The wage earners freeze to death on the road, the sellers of goods die of thirst on the way. The weavers of brocade wear coarse cloth, and the grain growers do not have enough to eat.
Customer Support:@weikecs
Business Cooperation:@weikecs
Quant Trading & MM:[email protected]
VIP Program:[email protected]
