ZetaChain was attacked, exploiting a vulnerability that may stem from a defect in the GatewayZEVM call function

Slow Fog stated that ZetaChain was exploited in an attack. Preliminary analysis shows that the root of the vulnerability lies in the lack of access control and input validation in the GatewayZEVM contract's call function. Attackers can use this to initiate malicious cross-chain calls and execute arbitrary operations to transfer funds on the target chain through a relay mechanism.

Slow Fog mentioned that the attackers triggered the relayer to execute malicious calls by forging cross-chain events, thereby completing the theft of funds. Relevant attack transactions have now been disclosed.