The information provided on EL7.AI is for educational and informational purposes only and does not constitute financial advice.

CryptoUpdated×7•Originally published 29 April 2026•Updated 30 April 2026•

1 min read

ZetaChain Identifies Vulnerabilities in $333,000 Team Wallet Exploit

Key Facts

1ZetaChain's post-mortem revealed an attacker exploited three vulnerabilities to drain $333,868 from team wallets.

ZetaChain has identified vulnerabilities in its cross-chain messaging system that led to a $333,868 exploit, noting that these flaws were previously misclassified as 'expected behavior'. This incident coincides with a broader surge in crypto crime, as total DeFi sector losses from hacks reached $629 million in April, marking the highest monthly total in over a year. In response to the heightened risk environment, Ether.fi has deployed a three-layer hardening system to secure its weETH bridges following a massive $292 million exploit at Kelp DAO. These developments highlight a stark contrast between ZetaChain's internal management lapses and the aggressive security hardening adopted by other liquid staking protocols. While ZetaChain works to rectify its design flaws, the industry remains on high alert as platforms struggle to mitigate the escalating frequency of high-value cross-chain breaches.

about 1 month ago

Version History

2 additional sources confirmed this story

Version 7about 1 month ago

What changed: Added aggregate monthly data showing April as the highest month for DeFi exploits in over a year.

Version 6about 1 month ago

What changed: Updated the story to include Ether.fi's new security hardening measures and its joining of DeFi United following the Kelp DAO exploit.

Version 5about 1 month ago

What changed: Added specific technical details including the identification of three vulnerabilities, the classification of the incident as a GatewayEVM exploit, and the execution via nine transactions.

Version 4about 1 month ago

What changed: Clarified that the team didn't just overlook the bug report, but explicitly misclassified it as 'expected behavior' prior to the exploit.

Version 3about 1 month ago

What changed: The update specifies the exact technical location of the vulnerability within the cross-chain gateway infrastructure.

Version 2about 1 month ago

What changed: Identification of the four specific affected networks (Ethereum, Arbitrum, Base, BNB Smart Chain) and the addition of allegations regarding an ignored security warning.

Version 1about 1 month ago

What changed: Added technical specifics regarding the 'arbitrary-call' design flaw and the fact that the exploit spanned 4 different chains.