ZetaChain Says GatewayEVM Contract Attack Hit Only Internal Team Wallets

ZetaChain states a targeted April 27 attack caused about $334,000 in losses across four connected chains, while user funds and cross-chain ZETA transfers were not affected and a mainnet patch has been deployed.

Fact Check
The claim is directly supported by ZetaChain's own post, titled "x post 2048854107633631356," which states that the GatewayEVM contract was attacked, only internal team wallets were affected, and the attack vector was blocked. The BeInCrypto article "ZetaChain Pauses Mainnet After Hack Hits Team Wallets" independently corroborates the same core facts and adds that no user funds were affected and cross-chain transactions were paused. The PANews article "ZetaChain: GatewayEVM Contract Attacked, Attack Vector Blocked and User Funds Safe" also summarizes the same official statement. Because the primary source is an official ZetaChain communication, the claim is very likely true.
Summary

ZetaChain said a targeted attack on April 27 involving an arbitrary call function in GatewayEVM caused about $334,000 in losses across four connected chains. The project said the incident affected only internal team wallets, while user funds and cross-chain ZETA transfers were not impacted. ZetaChain added that a mainnet patch has been deployed and that cross-chain transactions will resume after monitoring. Earlier technical analysis from SlowMist said the exploit likely involved missing access control and input validation in the GatewayZEVM call function, enabling arbitrary cross-chain calls and malicious external-chain execution through relayers and TSS.

Terms & Concepts
  • Cross-chain: Describes transactions or contract actions that operate across multiple blockchains rather than staying on a single network.
  • Access control: Security rules that determine which accounts or contracts are allowed to call specific functions or perform sensitive actions.
  • Input validation: Checks that verify submitted parameters are authorized and properly formed before a smart contract executes them.