Ignored bug report preceded $334K ZetaChain cross-chain exploit

ZetaChain dismissed a bug-bounty report as intended behavior before an attacker drained about $334,000 from its cross-chain gateway wallets on four chains.

ZetaChain confirmed that it dismissed a bug-bounty report as intended behavior before an attacker drained roughly $334,000 from wallets the protocol controls. The incident targeted the platform’s cross-chain gateway and occurred on Sunday across nine transactions on Ethereum, Arbitrum, Base and BSC. ZetaChain’s post-mortem was published Wednesday and says no user funds were affected.

The post-mortem describes three design flaws that were dangerous only when combined. The gateway allowed anyone to submit arbitrary cross-chain instructions without restriction. The receiver logic executed nearly any command on destination contracts and used a blocklist that missed basic token transfer functions. Wallets that previously interacted with the gateway retained unlimited token approvals that were never revoked.

By chaining those weaknesses, the attacker instructed the gateway to move tokens from ZetaChain-controlled wallets to the attacker’s address and the gateway executed the transfers. ZetaChain characterized the intrusion as deliberate and wrote, “This was not an opportunistic attack.”

The report outlines the attack sequence. The attacker funded a wallet through Tornado Cash three days before the drain, deployed a custom drainer contract on ZetaChain, conducted an address-poisoning campaign, and seeded the malicious address into transaction histories with dust transfers before executing the extraction.

ZetaChain says the vulnerability had been reported earlier through its bug bounty program but was dismissed as intended behavior. One user on X posted criticism, writing, “This bug was reported and they simply ignored it. That’s how bug bounty programs work with these protocols currently; they incentivize losses for the protocol, the TVL, and the user’s balance instead of paying the researcher for discovering and fixing the bug.”

Immediate technical changes are already rolling out. The platform is deploying a patch that permanently disables the gateway’s arbitrary call functionality on mainnet nodes. The deposit flow has been modified to remove unlimited token approvals and now requires exact-amount approvals.
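The standing unlimited approvals described above are something a defender can audit for. The sketch below is an added example, not ZetaChain's code: it replays decoded ERC-20 `Approval` events and lists wallets that still hold a non-zero allowance to a gateway. The addresses, token names and events are constructed placeholders, and because `transferFrom` spends are not replayed, the latest approved value is only an upper bound on the remaining allowance.

```python
from collections import namedtuple

MAX_UINT256 = 2**256 - 1
# Hypothetical placeholder, constructed for this example (not a real address).
GATEWAY = "0xGATEWAY_PLACEHOLDER"

Approval = namedtuple("Approval", "block log_index token owner spender value")

# Constructed sample of decoded ERC-20 Approval events (not real chain data).
SAMPLE_EVENTS = [
    Approval(100, 0, "TOKEN_A", "wallet-1", GATEWAY, MAX_UINT256),
    Approval(101, 2, "TOKEN_A", "wallet-2", GATEWAY, MAX_UINT256),
    Approval(105, 1, "TOKEN_A", "wallet-2", GATEWAY, 0),      # revoked later
    Approval(110, 0, "TOKEN_B", "wallet-1", GATEWAY, 5_000),  # exact-amount style
    Approval(111, 0, "TOKEN_B", "wallet-3", "0xOTHER_SPENDER", MAX_UINT256),
]

def latest_approvals(events, spender):
    """Return {(token, owner): value} from the most recent Approval to `spender`."""
    latest = {}
    for ev in sorted(events, key=lambda e: (e.block, e.log_index)):
        if ev.spender == spender:
            latest[(ev.token, ev.owner)] = ev.value  # later events overwrite earlier
    return latest

def classify(value, unlimited_floor=2**255):
    """Bucket an allowance; very large values are treated as effectively unlimited."""
    if value == 0:
        return "revoked"
    if value >= unlimited_floor:
        return "unlimited"
    return "finite"

def standing_allowances(events, spender):
    """List non-zero allowances to `spender`, unlimited ones first."""
    rows = [
        (token, owner, classify(value))
        for (token, owner), value in latest_approvals(events, spender).items()
        if value != 0
    ]
    return sorted(rows, key=lambda r: (r[2] != "unlimited", r[0], r[1]))

if __name__ == "__main__":
    for token, owner, kind in standing_allowances(SAMPLE_EVENTS, GATEWAY):
        print(f"{owner} -> gateway on {token}: {kind} allowance still in place")
```

Against live data, the same classification applies to the value returned by each token's `allowance(owner, spender)` call, which is authoritative where event replay is only an estimate.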

ZetaChain also said it will review how it triages bug bounty submissions, with attention to reports that describe multi-step attack chains that may appear harmless in isolation. The post-mortem and code changes are presented as measures to address the specific weaknesses that enabled the drain.

A recent study testing an off-the-shelf AI agent against historical DeFi incidents found the agent produced working exploits in 10% of cases when run without guidance in a sandbox. When researchers provided structured knowledge about common attack patterns and workflows, the agent’s success rate rose to 70% in the same test set.

ZetaChain’s public report gives a detailed timeline of the attacker’s actions and lists the contracts and chains involved. The team provided status updates on the fixes and said it will strengthen review procedures for future bug reports.
