ZetaChain Hack
Incident Overview
On April 27, 2026, ZetaChain's GatewayEVM contract suffered a $334K exploit when an attacker funded via Tornado Cash exploited an arbitrary external call vulnerability. Only internal ZetaChain team wallets were affected with no user funds compromised. The team blocked the attack vector, deployed a mainnet patch, and temporarily paused cross-chain transactions.
The attacker funded addresses through Tornado Cash and impersonated wallet addresses to execute a premeditated attack. They exploited an arbitrary call functionality in the GatewayEVM contract that allowed unauthorized external calls. This vulnerability enabled them to drain approximately $334K across four connected blockchain networks.
The attack was highly targeted and affected only internal ZetaChain team wallets. No user funds were compromised. ZetaChain detected the attack quickly and blocked the attack vector to prevent further losses. As a precautionary measure, they paused all cross-chain transactions while investigating. A mainnet patch was deployed to fix the vulnerability. Cross-chain ZETA transfers continued operating normally throughout the incident.
Incident Report
Protocol Information
What the Attacker Needed to Succeed
Understanding the prerequisites for this type of attack helps auditors identify protocols that are most at risk and helps developers build better defenses.
What Auditors Should Check
If you're auditing a protocol with similar architecture to ZetaChain, these are the critical security checks that could have prevented this incident (April 2026).
- Verify all logic paths related to Access Control are guarded by proper access controls and input validation - see the Access Control Attacks attack class for patterns
- Review privileged functions (owner, admin, governance) for potential abuse vectors - centralization risks should be documented and bounded with timelocks or multi-sigs
Master these auditing techniques with hands-on labs and real exploit scenarios in the Smart Contract Hacking course.
Free TrialRelated Attack Classes
The technique used in this hack maps to these vulnerability classes in our security curriculum:
Sources & References
Learn to Prevent the Next ZetaChain
The ZetaChain hack is one of many attacks that skilled auditors are trained to detect before deployment. Master real exploit patterns and defense techniques with hands-on Web3 security training.