ZetaChain, an interoperability-focused Layer 1 network designed as the “first universal blockchain” connecting networks like Bitcoin, Ethereum, and Polygon, confirmed the attack via an official post on X on Monday, April 27, 2026.
“There was an attack against the ZetaChain GatewayEVM contract today that impacted the internal ZetaChain team wallets only. We’ve already blocked the attack vector so no more funds can be compromised and will be releasing a detailed post mortem after we have completed our investigation,” the team stated on X.
The team added, “As a precaution cross-chain transactions are currently paused on ZetaChain. Investigation is still ongoing and at this time no user funds were impacted by this attack.”
What is the GatewayEVM Contract?
The GatewayEVM contract is a smart contract that serves as a unified entry point for cross-chain interactions between external EVM-compatible blockchain networks and applications deployed on ZetaChain. It functions as the primary gateway through which users and protocols initiate cross-chain token transfers and smart contract calls across connected chains.
According to ZetaChain’s official protocol contracts repository on GitHub, the GatewayEVM is described as the entry point for users on connected chains, similar to how the GatewayZEVM functions on the ZetaChain network itself. The contract works alongside the ERC20Custody contract, which holds ERC-20 assets being sent to ZetaChain, and the ZetaConnector, which manages ZETA tokens for connected chains.
Timeline of Events
According to ZetaChain’s official status page, cross-chain transactions on the mainnet remained paused as of 9:00 p.m. ET on Monday, approximately nine hours after the attack was first identified. The incident was marked as “identified” and “ongoing” for around six hours on the status page, with the team noting it had found the attack vector and was preparing a patch.
The status page listed the incident under “Cross Chain Transaction Are Paused” with the note: “We have identified the attack vector and are making a patch soon. At this time only ZetaChain team funds are affected.”
As of the time of publication, ZetaChain’s mainnet systems, including its 11 components, showed 100% uptime, and the Testnet with 11 components also reflected 100% uptime. The Blockchain Explorer, Testnet Faucet, ZetaChain.com/docs/, and Hub all showed normal operational status. Only cross-chain transactions remained paused.
ZETA token price reacts to the news
The ZETA token traded lower following news of the exploit. Data from CoinGecko showed ZETA trading at around $0.056, down approximately 5.7% over 24 hours, at the time of writing. The token’s 24-hour trading range sat between approximately $0.053 and $0.059.
ZETA is currently valued at a market capitalization of roughly $73.3 million, with a circulating supply of approximately 1.36 billion tokens out of a total supply of 2.1 billion ZETA. The token has a 24-hour trading volume of around $5.8 million, according to CoinGecko data.
ZetaChain’s mainnet originally went live in early 2024. Since then, the network has expanded into AI integration, launching ZetaChain 2.0 and its AI Portal in January 2026.
The broader DeFi security crisis
The ZetaChain attack comes at a time when the DeFi sector is grappling with an unprecedented wave of exploits. April 2026 has been the worst month for crypto hacks since the $1.4 billion Bybit breach in February 2025.
The most significant incident this month was the $292 million exploit of the LayerZero-powered cross-chain bridge operated by Kelp DAO on April 18, 2026. The attacker exploited a 1-of-1 verifier configuration in Kelp DAO’s LayerZero bridge, draining 116,500 rsETH (restaked ether) from the Ethereum mainnet escrow contract. The exploit was later attributed to North Korea’s Lazarus Group by multiple cybersecurity firms.
The Kelp DAO breach triggered massive contagion across DeFi. The attacker deposited nearly 89,567 unbacked rsETH into Aave as collateral, borrowing roughly $190 million in ETH and related assets across Ethereum and Arbitrum. This left Aave exposed to impaired collateral, causing the protocol’s total value locked to plunge by nearly $10 billion as depositors rushed to withdraw funds.
In response, an industry-wide coalition named “DeFi United” was launched by Aave service providers to raise 100,000 ETH to cover the bad debt. As of April 27, the fund had raised approximately $160 million of the roughly $200 million needed, with Mantle and Aave DAO contributing a combined 55,000 ETH (approximately $127 million).
Aave founder Stani Kulechov personally committed 5,000 ETH to the rescue effort. Arbitrum’s Security Council also froze 30,766 ETH (roughly $71 million) linked to the exploiter.
The total damage from crypto hacks in just the first 18 days of April exceeded $606 million across 12 separate incidents, according to DefiLlama data.
Two attacks alone, the $285 million Drift Protocol exploit on April 1 and the $292 million Kelp DAO breach on April 18, accounted for approximately 95% of the month’s losses. Both were linked to the Lazarus Group.
At a broader level, DefiLlama’s hacks dashboard now shows a total value hacked of $16.497 billion across the crypto industry historically, with $7.725 billion lost in DeFi protocols and $2.908 billion lost specifically through bridge exploits. DeFi recorded 47 separate incidents in the first four and a half months of 2026, compared with 28 over the same period in 2025, representing a 68% year-over-year increase in attack frequency.
Cross-Chain security under the microscope
The ZetaChain incident further amplifies concerns about the security of cross-chain infrastructure. Bridge contracts and interoperability protocols have consistently been among the most targeted attack surfaces in crypto, with major breaches including Ronin ($625 million), Wormhole ($320 million), and Nomad ($190 million) in previous years.
The pattern of bridge exploits this month alone has prompted renewed calls for stricter audits, multi-verifier configurations, and time-delayed withdrawal mechanisms for large bridge transfers across the industry.
ZetaChain has stated it will release a detailed post-mortem once its investigation is complete. The current status of all ZetaChain systems can be tracked at https://status.zetachain.com.
This is a developing story and will be updated as more details become available.
Also Read: Aave Labs & Kelp DAO Push Arbitrum to Release Exploiter’s Frozen Funds
