SlowMist
SlowMist|Apr 28, 2026 03:27
🚨. @ZetaChain has been exploited. Based on initial analysis, the following outlines the root cause. Root Cause The core vulnerability lies in the call function of ZetaChain's GatewayZEVM contract, which lacks both access control and input validation. This allows any arbitrary user to invoke cross-chain calls through GatewayZEVM and execute arbitrary operations on external chains via the relayer. Specifically, an attacker can craft a malicious call on ZetaChain to emit a cross-chain event. ZetaChain's relayer picks up this event and, through TSS, executes the malicious call on the destination chain — enabling the attacker to drain funds. Transactions: https://zetascan.com/tx/0xdaa19f9952b8d171ae3481a0b31b6c63d8ee4da03c5821663be5cdb29ddc4521 https://etherscan.io/tx/0x81fc9b2457b3ea66e2cefe2afe65d083ce358a11520e0f4aa5faad0bfea18a56(SlowMist)
+3
Mentioned
Share To

Timeline

HotFlash

APP

X

Telegram

Facebook

Reddit

CopyLink

Hot Reads