ZetaChain: messaging gap enabled targeted cross-chain exploit

ZetaChain disclosed a gap in its cross-chain messaging system that enabled a targeted exploit affecting transactions routed through its network. The company detected the activity, took steps to contain it on affected paths and opened an internal investigation while working with outside security firms.

The flaw sat in the protocol component that generates and validates messages passed between blockchains. An attacker used the gap to submit manipulated messages that were accepted by destination chains, the team reported, and the incident appears to have affected a limited set of transactions rather than the entire network.

ZetaChain moved to restrict activity on the affected routes and began rolling out a patch for the vulnerable messaging component. The company notified counterparties and node operators it identified as potentially impacted and is tracing the sequence of events that allowed the exploit.

Cross-chain messaging is the set of processes that verifies and transfers state or asset movements from one blockchain to another. Messages typically carry proofs, origin data and instructions; failures in signature handling, sequencing or origin checks can let malicious actors submit forged, replayed or altered messages that a receiving chain will accept.

ZetaChain engaged external incident response and security firms to validate its containment measures and to advise on additional safeguards. The company has not yet provided a full accounting of financial losses or identified the attacker in its initial update.

The team said it will publish a full post-mortem with technical details once investigators complete their work. ZetaChain cautioned users to monitor its official channels for updates and invited anyone who believes they were affected to contact its incident response team. Operations will resume fully after confirmation that the messaging gap has been closed and additional protections are in place.