{"id":96550,"date":"2026-04-28T09:45:19","date_gmt":"2026-04-28T06:45:19","guid":{"rendered":"https:\/\/u1f987.com\/en\/?p=96550"},"modified":"2026-04-28T10:57:42","modified_gmt":"2026-04-28T07:57:42","slug":"zetachain-halts-cross-chain-operations-following-smart-contract-breach","status":"publish","type":"post","link":"https:\/\/u1f987.com\/en\/zetachain-halts-cross-chain-operations-following-smart-contract-breach\/","title":{"rendered":"ZetaChain Halts Cross-Chain Operations Following Smart Contract Breach"},"content":{"rendered":"<p>On April 27th, a hacker exploited a vulnerability in the GatewayEVM contract of ZetaChain&#8217;s first-level blockchain. The incident affected only the team&#8217;s internal wallets, according to the developers.\u00a0<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">There was an attack against the ZetaChain GatewayEVM contract today that impacted the internal ZetaChain team wallets only. We&#8217;ve already blocked the attack vector so no more funds can be compromised and will be releasing a detailed post mortem after we have completed our\u2026<\/p>\n<p>\u2014 ZetaChain \ud83d\udfe9 (@ZetaChain) <a href=\"https:\/\/twitter.com\/ZetaChain\/status\/2048854107633631356?ref_src=twsrc%5Etfw\">April 27, 2026<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>User funds were not affected. Upon discovering the attack, the project managed to prevent further asset compromise by halting <a href=\"https:\/\/u1f987.com\/en\/news\/what-are-cross-chain-bridges\">cross-chain<\/a> transactions.\u00a0<\/p>\n<p>DefiLlama <a href=\"https:\/\/defillama.com\/hacks\">estimated<\/a> the damage at $300,000. The ZetaChain team did not disclose the exact amount but promised to release a detailed report soon.\u00a0<\/p>\n<p>Preliminary analysis by SlowMist pointed to a vulnerability in the call function of the GatewayZEVM contract. It lacks access control and input validation, allowing any user to initiate malicious cross-network calls.\u00a0<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">\ud83d\udea8. <a href=\"https:\/\/twitter.com\/ZetaChain?ref_src=twsrc%5Etfw\">@ZetaChain<\/a> has been exploited. Based on initial analysis, the following outlines the root cause.<\/p>\n<p>Root Cause<br \/>The core vulnerability lies in the call function of ZetaChain&#8217;s GatewayZEVM contract, which lacks both access control and input validation. This allows any arbitrary\u2026 <a href=\"https:\/\/t.co\/U63DKIfgDZ\">https:\/\/t.co\/U63DKIfgDZ<\/a> <a href=\"https:\/\/t.co\/WbAHdiciRc\">pic.twitter.com\/WbAHdiciRc<\/a><\/p>\n<p>\u2014 SlowMist (@SlowMist_Team) <a href=\"https:\/\/twitter.com\/SlowMist_Team\/status\/2048967080867954744?ref_src=twsrc%5Etfw\">April 28, 2026<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>The relay picked up these calls and executed them in target networks, allowing the attacker to withdraw funds.\u00a0<\/p>\n<p>Following the incident, the price of the ZETA token fell by 0.6% to $0.05.\u00a0<\/p>\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" src=\"https:\/\/u1f987.com\/wp-content\/uploads\/img-b689b35c05cc9531-2959955358928561.webp\" alt=\"image\" class=\"wp-image-279092\"\/><figcaption class=\"wp-element-caption\">Hourly chart of ZETA\/USDT on OKX exchange. Source: <a href=\"https:\/\/ru.tradingview.com\/chart\/atJ4mYHE\/?symbol=OKX%3AZETAUSDT\">TradingView<\/a>.\u00a0<\/figcaption><\/figure>\n<h2 class=\"wp-block-heading\">A Wave of Breaches\u00a0<\/h2>\n<p>Simultaneously, the Singularity Finance project on the <a href=\"https:\/\/u1f987.com\/en\/news\/what-is-base-coinbases-l2\">Base<\/a> network was also hacked, noted cybersecurity expert Arsen.\u00a0<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">\ud83d\udea8 $413K drained from Singularity Finance. <\/p>\n<p>Admin set unsupported oracle fee tier, and every pool returned address(0). <\/p>\n<p>Attacker flash-loaned 100k USDC, minted 99.99% of supply, redeemed for real balances. <a href=\"https:\/\/t.co\/gnM5eOvQKh\">pic.twitter.com\/gnM5eOvQKh<\/a><\/p>\n<p>\u2014 Arsen (@arsen_bt) <a href=\"https:\/\/twitter.com\/arsen_bt\/status\/2048728326890512604?ref_src=twsrc%5Etfw\">April 27, 2026<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>The platform administrator erred in settings, specifying an unsupported fee for <a href=\"https:\/\/u1f987.com\/en\/news\/what-is-a-blockchain-oracle\">oracles<\/a>, which the hacker exploited. The attacker took a loan of 100,000 <a href=\"https:\/\/u1f987.com\/en\/news\/what-is-the-usdc-stablecoin\">USDC<\/a> on Morpho, deposited them into storage, received all tokens (99.99%) at an incorrect rate, and withdrew real funds.\u00a0<\/p>\n<p>The damage amounted to $413,000. At the time of publication, the Singularity team had not commented on the incident.\u00a0<\/p>\n<p>The SFI coin&#8217;s price fell by 0.3% to $0.005, according to <a href=\"https:\/\/www.coingecko.com\/en\/coins\/singularity-finance\">CoinGecko<\/a>.\u00a0<\/p>\n<p>Earlier, on April 26th, hackers <a href=\"https:\/\/u1f987.com\/en\/news\/hackers-breach-defi-protocol-scallop\">attacked<\/a> the DeFi protocol Scallop and withdrew about 150,000 SUI from the sSUI reward pool. A few days before, attackers had <a href=\"https:\/\/u1f987.com\/en\/news\/hackers-breach-volo-extract-3-5-million-from-wbtc-and-usdc-pools\">compromised<\/a> the Volo platform.\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>On April 27th, a hacker exploited a vulnerability in the GatewayEVM contract of ZetaChain&#8217;s first-level blockchain. The incident affected only the team&#8217;s internal wallets.<\/p>\n","protected":false},"author":1,"featured_media":96551,"comment_status":"open","ping_status":"open","sticky":true,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"ZetaChain halted cross-chain operations after a smart contract breach.","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[44,1093,1310],"class_list":["post-96550","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-cybercrime","tag-defi","tag-zetachain"],"aioseo_notices":[],"amp_enabled":true,"views":"13","promo_type":"1","layout_type":"1","short_excerpt":"ZetaChain halted cross-chain operations after a smart contract breach.","is_update":"","_links":{"self":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/96550","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/comments?post=96550"}],"version-history":[{"count":1,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/96550\/revisions"}],"predecessor-version":[{"id":96552,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/96550\/revisions\/96552"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media\/96551"}],"wp:attachment":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media?parent=96550"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/categories?post=96550"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/tags?post=96550"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}