ZetaChain confirmed on Wednesday, April 29, 2026, that the attack vector used in its recent security breach had been previously reported through its bug bounty program. According to the post-mortem published on April 29, 2026, the technical team dismissed the initial warning, considering the reported behavior to be a planned functionality in the protocol’s design. The incident resulted in an approximate loss of $334,000 executed on Sunday, April 26, 2026.
The attack targeted ZetaChain’s cross-chain gateway contract and was executed through nine transactions distributed across Ethereum, Arbitrum, Base, and BSC. The stolen funds came exclusively from wallets controlled by the entity; therefore, the report ensures that user assets were not compromised during the event. The community response was immediate; user cr4shls0v3rr1d3 noted in a post on the X platform that dismissing these reports incentivizes losses rather than rewarding the research that protects Total Value Locked (TVL).
Anatomy of a Foreseen Exploit: ZetaChain’s Three Flaws
The development team identified three specific design flaws in its gateway contract that, when combined, allowed for the draining of funds. Individually, these weaknesses did not represent an immediate critical risk, which explains why the original report was misclassified. However, the combination of excessive permissions and a lack of execution filters allowed the attacker to manipulate the flow of assets between chains in an unforeseen manner.
First, the gateway allowed any user to send arbitrary cross-chain instructions without access restrictions. Second, the execution system at the destination had a “blocklist” so narrow that it omitted basic token transfer functions, allowing the execution of commands on almost any contract. Finally, the design maintained unlimited spending permissions on wallets that had previously interacted with the gateway, a configuration that was not cleared after operations.
The preparation for the attack was meticulous and did not respond to a chance opportunity. The attacker used funds deposited through Tornado Cash on April 23, three days before initiating the exploit. Subsequently, they deployed a “drainer” contract specifically designed for ZetaChain and conducted an address poisoning campaign via dust transfers to camouflage their movements in the transaction history of the target accounts.
The recurrence of human errors in risk classification, such as the one at ZetaChain, coincides with a new study published by a16z crypto regarding the ability of artificial intelligence agents to identify and exploit vulnerabilities in the DeFi sector. The research used OpenAI’s Codex model against a set of 20 real price manipulation incidents on the Ethereum network.
The results show that, without specific guidance, AI only manages to replicate attacks in 10% of cases. However, by providing the agent with structured knowledge about common attack patterns, the success rate from 10% to 70% increased drastically. This finding suggests that attack sophistication could scale rapidly if AI tools are fed with technical databases of known exploits, increasing the pressure on security teams not to ignore seemingly minor reports.
As a corrective measure, ZetaChain has begun deploying a patch to mainnet nodes that permanently disables arbitrary call functionality. Furthermore, the protocol has modified its deposit flow to replace unlimited token approvals with exact-amount approvals. These adjustments aim to prevent isolated flaws in smart contract logic from compromising the treasury again, adding to the lessons learned in other previous security events documented in the ecosystem.
ZetaChain has announced that it will comprehensively review its bug bounty management processes to prioritize chained attack vectors. Full implementation of the security patch and the update of gateway contracts across all supported networks is expected to be completed by the end of this week in April.
This article is for informational purposes only and does not constitute financial advice.
