
ZetaChain said the vulnerability behind its recent $334,000 exploit had been reported through its bug bounty program before the attack, but was dismissed as intended behavior. In a post-mortem published Wednesday, the team said the incident has triggered a review of how it handles bug bounty submissions, especially reports involving chained attack vectors that may look harmless when viewed in isolation.
One user on X wrote that the bug was “reported and they simply ignored it,” adding that current bug bounty incentives can encourage losses for the protocol, total value locked (TVL), and users’ balances rather than compensating researchers for identifying and fixing issues.
ZetaChain reported that it lost approximately $334,000 to a premeditated exploit on Sunday. The attack targeted its cross-chain gateway contract and drained funds across nine transactions on four chains: Ethereum, Arbitrum, Base, and BSC. The funds were taken from ZetaChain-controlled wallets, and ZetaChain said no user funds were affected.
In its post-mortem, ZetaChain said the attacker exploited three design flaws that, individually, might have appeared minor but together enabled a full drain.
ZetaChain said the attacker combined these issues by instructing the gateway to transfer tokens from victim wallets to the attacker’s own addresses, and the gateway complied.
ZetaChain described the attack as not opportunistic. It said the attacker funded their wallet through Tornado Cash three days before the exploit, deployed a purpose-built drainer contract on ZetaChain, and ran an address poisoning campaign before seeding it into their transaction history via dust transfers.
For remediation, ZetaChain said a patch that permanently disables the gateway’s arbitrary call functionality is being rolled out to mainnet nodes. The platform also removed unlimited token approvals from its deposit flow, replacing them with exact-amount approvals going forward.
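The difference between the two approval styles can be shown with a small in-memory model of ERC-20 allowances. This is an added example, not ZetaChain's code; the `Token` class, the `deposit` helper and the `wallet` and `gateway` names are hypothetical, and the balances are constructed.

```python
# Added illustration: a minimal in-memory model of ERC-20 allowances.
# Token, deposit, residual_exposure, "wallet" and "gateway" are hypothetical names.
MAX_UINT256 = 2**256 - 1

class Token:
    def __init__(self, balances):
        self.balances = dict(balances)
        self.allowances = {}  # (owner, spender) -> remaining allowance

    def approve(self, owner, spender, amount):
        self.allowances[(owner, spender)] = amount

    def transfer_from(self, spender, owner, to, amount):
        allowed = self.allowances.get((owner, spender), 0)
        if amount > allowed or amount > self.balances.get(owner, 0):
            raise ValueError("insufficient allowance or balance")
        # Common ERC-20 convention: a max-uint256 allowance is never decremented.
        if allowed != MAX_UINT256:
            self.allowances[(owner, spender)] = allowed - amount
        self.balances[owner] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount

def deposit(token, owner, spender, amount, exact=True):
    """Approve the spender, then let it pull `amount` from the owner."""
    token.approve(owner, spender, amount if exact else MAX_UINT256)
    token.transfer_from(spender, owner, spender, amount)

def residual_exposure(token, owner, spender):
    """Tokens the spender could still pull from the owner after the deposit."""
    allowance = token.allowances.get((owner, spender), 0)
    return min(token.balances.get(owner, 0), allowance)

def run(exact):
    token = Token({"wallet": 1_000})  # constructed starting balance
    deposit(token, "wallet", "gateway", 100, exact=exact)
    return residual_exposure(token, "wallet", "gateway")

if __name__ == "__main__":
    print("unlimited approval, residual exposure:", run(exact=False))
    print("exact-amount approval, residual exposure:", run(exact=True))
```

With an unlimited approval the spender can still move the wallet's entire remaining balance after the deposit completes; with an exact-amount approval the allowance is spent by the deposit itself and nothing further can be pulled.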
A separate study by a16z tested whether an off-the-shelf AI agent could move beyond identifying DeFi vulnerabilities and produce working exploits. Researchers used OpenAI’s Codex and evaluated it on a dataset of 20 real Ethereum price manipulation incidents.
In the first phase, the agent ran in a sandboxed environment with no access to future transaction data and no guidance on how the attacks worked. Under those conditions, it succeeded in 10% of cases.
In a second phase, researchers provided the agent with structured knowledge about common attack patterns and exploit workflows. With that additional context, the success rate increased to 70%.