ZetaChain Pauses Cross-Chain Transactions After GatewayEVM Contract Attack

Image Credit: Shutterstock

ZetaChain has paused all cross-chain transactions on its mainnet after identifying an attack on its GatewayEVM contract, the gateway that routes cross-chain transactions on the network. The team said only internal wallets were affected and that no user funds were compromised.

Attacker Hit the GatewayEVM Contract That Routes All Cross-Chain Transactions

ZetaChain disclosed the attack on Monday and said it had moved immediately to pause cross-chain activity across the network. The GatewayEVM contract is a central piece of ZetaChain’s architecture. It handles the routing of transactions between external EVM-compatible blockchains and applications built on ZetaChain, making it one of the most sensitive components in the protocol’s infrastructure.

The team said the attack vector has been mitigated and that no further funds are at risk. DefiLlama data puts the amount lost at roughly $300,000, though ZetaChain did not confirm a figure and said it will release a detailed postmortem once the investigation is complete. ZetaChain said in a statement:

“As a precaution, cross-chain transactions are currently paused on ZetaChain. Investigation is still ongoing, and at this time no user funds were impacted by this attack.”

Cross-Chain Transactions Stayed Offline for at Least Nine Hours

As of 9:00 p.m. ET on Monday, nine hours after the attack was first identified, cross-chain transactions remained offline according to ZetaChain’s official status page. The team did not provide a timeline for restoring full functionality.

ZetaChain is an interoperability-focused Layer 1 network designed to connect different blockchains, including Bitcoin, Ethereum, and Polygon. Its mainnet launched in early 2024, and the protocol has positioned itself as a “universal blockchain” that allows developers to build applications spanning multiple chains through a single deployment. The network has experienced downtime before, including a six-hour mainnet outage earlier in its history.

The pause affects all cross-chain transactions routed through ZetaChain’s infrastructure but does not appear to have affected on-chain activity within the ZetaChain network itself, based on the team’s statements. ZetaChain had not responded to a request for further comment at the time of publication.

The Exploit Joins Kelp DAO and Drift in a $575 Million April for DeFi Attacks

The ZetaChain incident is the latest in a sharp uptick in DeFi attacks in April. The $292 million Kelp DAO exploit on April 18 drained funds through LayerZero’s cross-chain bridge infrastructure, creating substantial bad debt on Aave and prompting an industry coalition called “DeFi United” to backstop the lending protocol.

The $280 million Drift Protocol exploit on April 1 used a different vector. Attackers spent months posing as a quantitative trading firm before compromising the protocol’s governance, listing a fabricated token as collateral, and raising withdrawal limits. LayerZero has preliminarily attributed the Kelp attack to North Korea’s Lazarus Group.

DeFiLlama data shows at least 10 attacks on DeFi projects since the Kelp exploit alone. The ZetaChain attack is smaller in scale, and the team’s claim that only internal wallets were hit, if confirmed in the post-mortem, would make it significantly less damaging. But it adds another entry to a month that has already seen more than $575 million drained from DeFi protocols across structurally different attack vectors.