ZetaChain Halts Cross-Chain Operations Following GatewayEVM Smart Contract Exploit

GatewayEVM Exploit: What Happened

On April 27, a hacker exploited a vulnerability in the GatewayEVM smart contract — a core component of the Layer 1 blockchain ZetaChain. According to the project's team, the breach affected only internal team wallets, while user funds remained safe.

"There was an attack against the ZetaChain GatewayEVM contract today that impacted the internal ZetaChain team wallets only. We've already blocked the attack vector so no more funds can be compromised and will be releasing a detailed post mortem after we have completed our…" — ZetaChain 🟩 (@ZetaChain), original post

Upon detecting the attack, the ZetaChain team immediately blocked the exploit vector and suspended all cross-chain transactions to prevent further asset compromise. Analytics platform DefiLlama estimated total losses at $300,000. The ZetaChain team did not disclose the exact figure but committed to publishing a detailed post mortem report.

Why This Matters

ZetaChain is designed as a Layer 1 blockchain purpose-built for native cross-chain operations, making this vulnerability particularly concerning for its foundational infrastructure. Cross-chain bridges and gateways remain among the most targeted attack surfaces in DeFi — a single exploit can cascade across multiple networks simultaneously.

The ZETA token declined 0.6% in the wake of the incident, falling to $0.05.

Root Cause: SlowMist's Preliminary Analysis

Blockchain security firm SlowMist conducted an initial investigation and identified the root cause: the call function within ZetaChain's GatewayZEVM contract lacked both access control and input validation. This flaw allowed any address to initiate arbitrary cross-chain calls.

"🚨 @ZetaChain has been exploited. Based on initial analysis, the following outlines the root cause. The core vulnerability lies in the call function of ZetaChain's GatewayZEVM contract, which lacks both access control and input validation. This allows any arbitrary…" — SlowMist (@SlowMist_Team), original post

The attack mechanism worked as follows: the network's relayer picked up the malicious calls and automatically executed them on destination chains, enabling the attacker to drain funds from the project's internal wallets.

Singularity Finance Loses $413K on the Same Day

In a separate incident on the same day, the Singularity Finance project on the Base network was also exploited. Cybersecurity researcher Arsen flagged the attack.

"🚨 $413K drained from Singularity Finance. Admin set unsupported oracle fee tier, and every pool returned address(0). Attacker flash-loaned 100k USDC, minted 99.99% of supply, redeemed for real balances." — Arsen (@arsen_bt), original post

The exploit originated from an administrative misconfiguration: an unsupported oracle fee tier was set, causing all pools to return a zero address. The attacker took a 100,000 USDC flash loan via Morpho, deposited it into the vault, received 99.99% of the token supply at the distorted rate, and then redeemed it for actual assets. Total damage reached $413,000.

The Singularity Finance team had not commented on the incident at the time of publication. The SFI token dropped 0.3% to $0.005 according to CoinGecko.

A Growing Wave of DeFi Exploits

Both incidents occurred amid a broader series of DeFi attacks. On April 26, hackers targeted the Scallop protocol and drained approximately 150,000 SUI from the sSUI rewards pool. Days earlier, the Volo platform was also compromised. These events underscore a persistent pattern: smart contracts with insufficient input validation and access controls continue to be prime targets for attackers.