- On April 27, Blockaid issued a warning of an ongoing exploit targeting ZetaChain’s GatewayEVM contract.
- They urged users to revoke approvals immediately using Revoke.cash, who have approved contracts on Ethereum, Arbitrum, Base, or other EVM chains.
- These exploits come amid a sharp decline in DeFi security in April 2026, which has seen over $606 million stolen in the first 18 days alone.
Amid the series of hacks on the DeFi sector, there is a new major ongoing exploit taking place on ZetaChain.
On April 27, Blockaid raised a warning about an “ongoing exploit” on ZetaChain cross-chain contracts. Blockaid is trusted by major platforms, including Coinbase and MetaMask, for real-time fraud detection.
Blockaid Warns of Exploits in ZetaChain Cross-Chain Contracts
The alert has urged users to immediately revoke any token approvals for the ZetaChain GatewayEVM contract on all EVM-compatible chains.
ZetaChain is a decentralized EVM-compatible Layer-1 blockchain built for true cross-chain interoperability, including with non-smart contract chains like Bitcoin. The GatewayEVM contracts are responsible for handling cross-chain messaging and asset transfers between EVM chains and the network.
The alert is suggesting that attackers may be exploiting approvals in these contracts to drain funds without needing a new transaction from users who previously interacted with ZetaChain aApps or bridges.
As of now, no clear figure has emerged about how much funding was compromised in this attack. However, some community posts are suggesting that there is around $300,000 and shared suspected exploiter addresses. However, these reports are still unverified.
ZetaChain officials have not issued any official public statements regarding this. Security experts are calling this pattern very common in recent incidents.
Users must take immediate actions if they have ever approved the ZetaChain GatewayEVM contracts or any related contracts on Ethereum, Arbitrum, Base, or other EVM chains. They should revoke these approvals right away using a tool like Revoke.cash or their wallet approval manager. This will require small gas fees, but it will help them to avoid further drainage.
DeFi Sector Shaken by Series of Cyberattacks
DeFi sector’s security has crumbled in 2026, with cross-chain bridges and messaging protocols remaining major targets.
According to DeFiLIama, approximately $606 million was stolen in the first 18 days of April. This makes it the worst month for crypto hacks since February 2025. This has made the 2026 year-to-date total above $770 million across dozens of incidents.
Kelp DAO reported as the largest DeFi hack of the year so far. Attackers have drained approximately $292 million in rsETH, which is the Kelp Liquid restaking token. The attack has targeted the LayerZero-based cross-chain bridge, where attackers compromised a cross-chain message using a single verifier configuration weakness, tricking the bridge into releasing unbacked tokens from the Ethereum escrow.
According to initial investigations, these cyberattacks are linked to North Korea’s Lazarus Group and its TraderTraitor subgroup. The fallout was massive. The exploit triggered a DeFi bank run with approximately $10 billion withdrawn from connected protocols, including heavy pressure on Aave.
Kelp DAO hack created major bad debt across the ecosystem. However, later on, the Arbitrum Security Council managed to freeze approximately 30,766 ETH worth around $71 million from the attacker’s address.
Earlier this month, Drift Protocol, a major Solana-based perpetuals decentralized exchange, lost around $285 million in a social engineering and malware attack. This incident shows that even audited protocols with multisig protections are vulnerable to such cyber attacks.
Also Read: Pi Network Price Up 2% as Mining Lead and Upgrade Shape Bullish Setup