The vulnerability that led to ZetaChain’s recent exploit had been flagged through its bug bounty program before the attack, but was dismissed as intended behavior.
In a post-mortem published Wednesday, the team said the incident has prompted a review of how it handles bug bounty submissions, particularly reports involving chained attack vectors that may appear harmless in isolation but are dangerous in combination.
“This bug was reported and they simply ignored it,” one user wrote on X. “That’s how bug bounty programs work with these protocols currently; they incentivize losses for the protocol, the TVL, and the user’s balance instead of paying the researcher for discovering and fixing the bug,” they added.
ZetaChain lost approximately $334,000 to a premeditated exploit on Sunday that targeted its cross-chain gateway contract. The exploit drained funds across nine transactions on four chains, including Ethereum, Arbitrum, Base and BSC, all from ZetaChain-controlled wallets. No user funds were affected.
Related: Crypto hackers stole $17B over past 10 years: DefiLlama
Attacker exploits small design flaws
ZetaChain said in its post-mortem that the attacker exploited three design flaws that, individually, might have seemed minor, but together opened the door to a full drain. First, the gateway allowed anyone to send arbitrary cross-chain instructions with no restrictions. Second, on the receiving end, it would execute almost any command on any contract, with a blocklist so narrow it missed basic token transfer functions.
Third, wallets that had previously used the gateway had left unlimited spending permissions in place that were never cleaned up. By combining all three, the attacker simply told the gateway to transfer tokens from victim wallets to their own, and the gateway complied.
Source: ZetaChain
“This was not an opportunistic attack,” ZetaChain said in its post-mortem. The attacker funded their wallet through Tornado Cash three days before the exploit, deployed a purpose-built drainer contract on ZetaChain and ran an address poisoning campaign before seeding it into their transaction history via dust transfers.
ZetaChain added that a patch permanently disabling the arbitrary call functionality is being rolled out to mainnet nodes. The platform also removed unlimited token approvals from its deposit flow, replacing them with exact-amount approvals going forward.
Related: Ethical hacker intercepts $2.6M in Morpho Labs exploit
AI DeFi exploit success rate increases
A new study by a16z tested whether an off-the-shelf AI agent could go beyond identifying DeFi vulnerabilities and actually produce working exploits. Using OpenAI’s Codex against a dataset of 20 real Ethereum price manipulation incidents, researchers ran the agent in a sandboxed environment with no access to future transaction data and no guidance on how the attacks worked. The agent succeeded in just 10% of cases.
However, when researchers fed the agent structured knowledge about common attack patterns and exploit workflows, the success rate jumped to 70%.
Magazine: How to fix suspected insider trading on Polymarket and Kalshi