"The GatewayZEVM contract's call function contained no access control and no input validation, allowing any external address to trigger malicious cross-chain calls without authorization."
"Zetachain reported that the exploit affected its internal team wallets, estimated to be worth $300,000, while assuring that user funds were not directly impacted."
"The incident marks the second major cross-chain exploit in April 2026, following the KelpDAO hack that triggered the worst DeFi liquidity crunch since 2024."
Zetachain paused cross-chain transactions on April 28, 2026, after a vulnerability in the GatewayZEVM smart contract was exploited. Security researchers identified the root cause as a lack of access control and input validation in the contract's call function. This flaw allowed unauthorized users to trigger malicious cross-chain calls. The exploit impacted internal team wallets, estimated at $300,000, but did not affect user funds. The incident follows the KelpDAO hack, which caused significant liquidity issues in decentralized finance protocols earlier in April 2026.
Read at news.bitcoin.com
Unable to calculate read time
Collection
[
|
...
]