THE CIRCUITRYYour one-stop source for all tech news

Home/Markets/ZetaChain Dismissed Bug Report Before $334K Exploit

VERIFIEDBy Xavier Rivera· ·1 min read

ZetaChain Dismissed Bug Report Before $334K Exploit

ZetaChain dismissed a bug bounty report on a vulnerability that enabled a $334,000 exploit via its cross-chain gateway. The incident prompts a review of bug bounty processes and includes a patch rollout.

Source:CoinTelegraph

Post

ZetaChain Dismissed Bug Report Before $334K Exploit

TL;DRAI · 60 sec read

ZetaChain's vulnerability behind a $334,000 exploit was reported through its bug bounty program before the attack but dismissed as intended behavior.

The team published a post-mortem on Wednesday detailing the Sunday incident, which targeted its cross-chain gateway contract. The exploit drained funds across nine transactions on four chains—Ethereum, Arbitrum, Base, and BSC—from ZetaChain-controlled wallets. No user funds were affected.

From The CircuitryThe Feed — live briefs across tech, all day.See what’s happening →

ZetaChain attributes the attack to three design flaws: the gateway allowed arbitrary cross-chain instructions without restrictions; it executed nearly any command on any contract due to a narrow blocklist missing basic token transfers; and wallets retained unlimited spending permissions from prior use.

The post-mortem describes a premeditated attack. The attacker funded their wallet via Tornado Cash three days prior, deployed a drainer contract on ZetaChain, and conducted address poisoning via dust transfers.

ZetaChain now reviews bug bounty submissions, especially chained attack vectors. A patch disables arbitrary call functionality on mainnet nodes, and deposit flows replace unlimited approvals with exact-amount ones.

Why this mattersAI · ~100 words

Tap a lens to see what this story means for you.

Reader-supported

DonateBuy me a coffee →Follow@thecircuitry_ →Follow@thecircuitry.to →

Reader-supported · Daily Brief

Daily brief at 7 AM ET. Top tech stories, every morning. Sourced and fact-checked.

HELP US IMPROVE

Reader-supported

The Circuitry is a passion project I've always wanted to build, and I love the work behind it.

Running it costs real money. APIs, hosting, time. To keep improving the site and growing this into something useful for everyone, those costs have to be covered.

Any contribution is appreciated. If not, no pressure. Thanks for reading.

Buy me a coffee

Crypto Security DeFi Exploit

MORE IN MARKETS

Base Blockchain Recovers From Two-Hour Halt on Ethereum Layer-2

Coinbase-backed Ethereum layer-2 network Base restarted block production after an approximately two-hour outage caused by an invalid block. The incident marks another disruption for one of Ethereum's largest layer-2 networks following a previous outage in August 2025.

Kraken teams with Maple to bring warehouse financing onchain for institutional crypto loans

Kraken and Maple introduced an onchain warehouse financing facility that routes institutional crypto-backed loans through a bankruptcy-remote SPV with USDC senior debt from Maple. The partnership enables Kraken to scale lending activity without committing further capital from its balance sheet while tokenized credit surpasses $6.2 billion in value.

SBI Takes Full Ownership of Bitbank in $289 Million Transaction

SBI Holdings will gain full control of Bitbank through a $289 million transaction that creates Japan’s largest crypto exchange by assets under custody, targeting 1.1 trillion yen and 2.92 million accounts while expanding its stablecoin, tokenization and blockchain infrastructure.