The interoperability-focused blockchain network ZetaChain has suffered a security exploit, resulting in the draining of funds directly from internal team wallets. Fortunately for the broader crypto community, developers were able to quickly patch the vulnerability before the attacker could compromise user assets.
The root cause
According to the security experts at SlowMist, the core vulnerability was located within the call function of ZetaChain's GatewayZEVM contract. Crucially, this function lacked proper access control and input validation.
Because of these missing checks, the function was open to exploitation. The flaw allowed any user to bypass normal restrictions, invoke cross-chain calls through the GatewayZEVM contract, and execute unauthorized operations on external blockchains.
The modus operandi
The attacker was able to craft a highly specific, malicious call directly on ZetaChain designed to emit a fraudulent cross-chain event.
ZetaChain's relayer, which is designed to listen for and facilitate these cross-chain communications, automatically picked up this event.
The relayer unknowingly executed the malicious call on the destination chain, allowing the attacker to effectively siphon the funds.
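A simplified Python model of the flow described above, added here as an illustration and not taken from ZetaChain's contract or relayer code: a gateway that emits a cross-chain event for any caller, next to one that checks the sender and destination before emitting. The class names, account labels and the allowlist policy are assumptions; the page does not describe the actual fix.

```python
# Simplified off-chain model. Names, labels and policy are illustrative
# assumptions, not ZetaChain's contract or relayer code.
from dataclasses import dataclass, field

@dataclass(frozen=True)
class CrossChainEvent:
    sender: str       # account that invoked the gateway
    dest_chain: str
    target: str       # contract to be called on the destination chain
    payload: bytes

@dataclass
class Gateway:
    allowed_senders: frozenset = frozenset()
    allowed_targets: frozenset = frozenset()   # (chain, target) pairs
    enforce: bool = True                       # False models the missing checks
    events: list = field(default_factory=list)

    def call(self, sender, dest_chain, target, payload):
        if self.enforce:
            # Access control: who may request a cross-chain call at all.
            if sender not in self.allowed_senders:
                raise PermissionError(f"sender {sender!r} not authorized")
            # Input validation: where the call may land and what it carries.
            if (dest_chain, target) not in self.allowed_targets:
                raise ValueError(f"{target!r} on {dest_chain!r} not allowed")
            if not payload:
                raise ValueError("empty payload")
        ev = CrossChainEvent(sender, dest_chain, target, payload)
        self.events.append(ev)   # stands in for the emitted on-chain event
        return ev

def relay(gateway):
    """Relayer model: trusts and executes every event the gateway emitted."""
    return [(e.dest_chain, e.target, e.payload) for e in gateway.events]

def demo():
    policy = dict(allowed_senders=frozenset({"registered-app"}),
                  allowed_targets=frozenset({("chain-a", "app-receiver")}))
    results = {}
    for label, enforce in (("unchecked", False), ("checked", True)):
        gw = Gateway(enforce=enforce, **policy)
        gw.call("registered-app", "chain-a", "app-receiver", b"\x01")
        try:   # constructed request from an account outside the policy
            gw.call("untrusted-user", "chain-a", "team-wallet", b"\x02")
        except (PermissionError, ValueError):
            pass
        results[label] = relay(gw)
    return results
```

Because the relayer in this model executes whatever the gateway emits, the gateway's checks are the only control; a relayer that re-validates events against the same policy would add a second layer.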
Damage contained
ZetaChain has assured the community that the damage was strictly isolated to its own holdings.
"There was an attack against the ZetaChain GatewayEVM contract today that impacted the internal ZetaChain team wallets only," the protocol's developers stated. "We've already blocked the attack vector so no more funds can be compromised."