ZetaChain suspended mainnet cross-chain transactions on Monday after an attacker breached its GatewayEVM smart contract, a protocol-level component responsible for routing messages and assets between ZetaChain and EVM-compatible blockchains. The team said it blocked the attack vector before further funds could be drained and has promised a full post-mortem once its investigation concludes. The incident lasted roughly six hours in an "identified and ongoing" state before the team began preparing a patch.

"There was an attack against the ZetaChain GatewayEVM contract today that impacted the internal ZetaChain team wallets only," the project wrote in a statement reported by CoinDesk and Yahoo Finance. "We've already blocked the attack vector so no more funds can be compromised and will be releasing a detailed post-mortem after we have completed our investigation."

The dollar value of funds taken from those internal wallets has not been publicly confirmed. The team has not released the post-mortem as of publication time.

What GatewayEVM does, and why it matters

ZetaChain is a Cosmos SDK-based Layer 1 blockchain, running on CometBFT (Tendermint) consensus, that connects multiple chains including networks that do not natively support smart contracts, such as Bitcoin and Dogecoin. It does this without relying on third-party bridges or external relayers. The GatewayEVM contract sits at the center of how ZetaChain handles cross-chain asset custody and message routing for EVM-compatible chains. A successful exploit against this component puts the integrity of cross-chain asset flows at direct risk. The network's native token standard, ZRC-20, relies on protocol-level minting and burning rather than wrapped-token bridges. ZetaChain also holds a Google Cloud partnership aimed at accelerating Web3 developer adoption, a relationship that raises the reputational stakes of the current incident.

ZetaChain reported 4 million unique connected wallets, 150 million transactions, and 290 integrated decentralized applications as of early 2026. The scale of that ecosystem makes a pause in cross-chain activity consequential even when user funds are not directly at risk.

Market reaction and token data

ZETA, the network's native token, fell roughly 4.8 to 5.6 percent in the 24 hours following the incident, trading near $0.054 to $0.057 as of April 28. Market capitalization sits at approximately $73 million to $77 million, with a fully diluted valuation near $112.9 million. Circulating supply is around 1.4 billion tokens against a maximum supply of 2.1 billion. Daily trading volume was approximately $4.97 million; OKX's ZETA/USDT pair accounted for the largest single-venue share of that total, at approximately $519,000 or roughly 10 percent of the day's activity. ZetaChain ranks around number 293 on CoinMarketCap.

A pattern forming in cross-chain security

The ZetaChain incident is the second significant cross-chain exploit in April 2026 alone. On April 19, KelpDAO suffered a $292 million breach after attackers manipulated cross-chain message verification on LayerZero. An earlier 2026 Drift Protocol exploit caused approximately $285 million in losses, meaning KelpDAO's breach narrowly exceeds it as the largest single DeFi exploit of the year to date. The KelpDAO attack triggered cascading stress across DeFi protocols, with Aave reportedly facing up to $230 million in risk exposure and roughly $6 billion in total value locked leaving the platform amid the panic. Total DeFi losses through mid-April 2026 have exceeded $750 million, with bridge and cross-chain exploits accounting for the majority of that damage. The KelpDAO and ZetaChain incidents are separate events on separate protocols, but together they reinforce a clear pattern: cross-chain message verification and gateway contract architecture are the most actively targeted surfaces in the current threat environment.

This is not ZetaChain's first reliability event. In late 2024, the network experienced a six-hour block production outage caused by a consensus failure tied to a validator software update. That was a configuration issue rather than a deliberate exploit. Monday's attack represents a more serious category of incident.

Regional implications

The pause carries specific weight for developers and users in regions where ZetaChain's omnichain architecture has the most direct economic relevance.

In South Asia, where cross-border remittance volumes are among the highest globally, ZetaChain's architecture is of particular relevance to developers building multi-chain payment and DeFi applications in markets such as India, Pakistan, and Bangladesh. A sustained disruption at the gateway layer has the potential to affect those integrations as they develop.

In the Middle East, stc Bahrain has partnered with ZetaChain through its Pearling Path Web3 Launchpad Programme, a concrete institutional relationship that may face scrutiny following this incident.

Across African markets, where stablecoin bridging serves as a practical alternative to legacy remittance rails, any demonstrated fragility in cross-chain infrastructure is a trust signal that developers and users will weigh carefully.

What comes next

ZetaChain has committed to releasing a detailed post-mortem once its internal investigation is complete. Until that report is published, developers building on ZetaChain, particularly those whose contracts interface with the GatewayEVM component or use ZRC-20 token routing, should audit their dependencies and consider pausing production deployments that rely on the gateway. The exact loss figure from team wallets and the precise technical mechanism of the attack remain unconfirmed.