SlowMist (@SlowMist_Team) “🚨. @ZetaChain has been exploited. Based on initial analysis, the following outl” — TopicDigg
SlowMist
@SlowMist_Team
SlowMist is a Blockchain security firm established in 2018, providing services such as security audits, security consultants, red teaming, and more.
加入 April 2018
405 正在关注 88.5K 粉丝
🚨. @ZetaChain has been exploited. Based on initial analysis, the following outlines the root cause.
Root Cause
The core vulnerability lies in the call function of ZetaChain's GatewayZEVM contract, which lacks both access control and input validation. This allows any arbitrary user to invoke cross-chain calls through GatewayZEVM and execute arbitrary operations on external chains via the relayer.
Specifically, an attacker can craft a malicious call on ZetaChain to emit a cross-chain event. ZetaChain's relayer picks up this event and, through TSS, executes the malicious call on the destination chain — enabling the attacker to drain funds.
Transactions:
显示更多
There was an attack against the ZetaChain GatewayEVM contract today that impacted the internal ZetaChain team wallets only. We've already blocked the attack vector so no more funds can be compromised and will be releasing a detailed post mortem after we have completed our investigation. As a precaution cross-chain transactions are currently paused on ZetaChain.
Investigation is still ongoing and at this time no user funds were impacted by this attack. The current status can be tracked at
显示更多
