News linked to both this project and an event.
According to an official disclosure by ZetaChain, on April 27, ZetaChain suffered a targeted vulnerability exploit. The attacker first acquired funds via Tornado Cash and performed wallet address spoofing, then exploited a vulnerability in GatewayEVM’s arbitrary call functionality, resulting in approximately $334,000 in losses across four connected chains. ZetaChain stated that this attack did not affect cross-chain $ZETA transfers; all affected wallets were under ZetaChain’s internal control, and user funds remained unaffected. A patch for the mainnet has now been deployed, and cross-chain transactions will resume after ongoing monitoring.
On-chain investigator ZachXBT updated that funds related to the KelpDAO attack have begun moving: approximately $1.5 million has been cross-chained from Ethereum Mainnet to the Bitcoin network via Thorchain, and roughly $78,000 has been transferred via Umbra. The attacking address initially sourced its funds from Tornado Cash, and fund laundering and cross-chain transfers are ongoing.
According to Cointelegraph, stablecoin issuer Circle faces a class-action lawsuit in the U.S. District Court for the District of Massachusetts for failing to freeze stolen funds during the Drift Protocol hack on April 1. Plaintiffs allege that attackers transferred approximately $230 million worth of USDC from Solana to Ethereum via Circle’s cross-chain transfer protocol (CCTP) within hours—and that Circle failed to intervene. The lawsuit accuses Circle of aiding and abetting conversion and of negligence. Cryptocurrency analytics firm Elliptic previously suspected the attack may be linked to North Korea–backed hackers; the stolen funds were subsequently converted into ETH and laundered through Tornado Cash.