ZetaChain paused cross-chain transactions after attackers exploited a smart contract linked to its bridge operations, resulting in unauthorized transfer of tokens to an Ethereum address.
The incident mainly affected team wallets, while the project said user wallets were not impacted. The network halted external cross-chain activity for more than 15 hours as developers moved to contain losses and review the affected contract.
ZetaChain Restricts Activity After Exploit
ZetaChain limited network activity after detecting the attack against its cross-chain infrastructure. During the pause, users could only make internal transfers on ZetaChain, while cross-chain services remained offline to prevent further exposure.
ZetaChain stopped its cross-chain transfers to cut losses. Only team wallets were exposed, with no losses for users. | Source: ZetaChain.
The team said it had reduced the impact of the exploit and stopped additional damage. However, on-chain findings showed that the attacker had already moved unauthorized assets through the cross-chain system before the pause took effect.
The exploit targeted a contract used to move funds between ZetaChain and Ethereum. Researchers identified the GatewayZEVM contract as the weak point because it lacked sufficient access controls and validation checks.
Flawed Contract Enabled Unauthorized Transfer
The attacker reportedly used the contract to make a malicious cross-chain call. The transaction appeared valid to the ZetaChain relayer, which then processed the request and sent real assets on the destination chain.
The known losses were limited to a small amount of USDC held on an Ethereum address. Reports placed the loss below $10,000, although the funds had not been frozen or formally tagged at the time of the review.
The incident still raised wider concerns because the exploit did not require a major pool of liquidity. It showed how weak contract permissions can expose even smaller networks with limited total value locked.
ZetaChain operates as a public Layer 1 network compatible with Cosmos infrastructure and the OmniChain model. Its design supports cross-chain applications through dedicated smart contracts, which makes bridge security a central part of its system.
April Hacks Raise Web3 Security Concerns
The attack came during a difficult month for Web3 security. DeFi Llama data showed that hacks and exploits caused more than $624 million in losses during April, the highest monthly level since February 2025.
ZetaChain holds less than $1 million across its DeFi smart contracts after the October 2025 market crash. Network activity also remains low, with only a small number of daily users and about $8 in daily fees.
Hacks against Web3 protocols accelerated in April, with over $624M in total losses. | Source: DeFiLlama.
The ZETA token showed little reaction after the exploit and traded near $0.054. The token has lost more than 96% from its launch level, while the latest attack focused on the bridge contract rather than the token itself, leaving wider security questions for Web3 security developers and teams.
