Zilliqa CEO Resigns Following Security Breach
Zilliqa has announced the resignation of its CEO, Matt Dyer, just two months after the blockchain platform experienced a significant security breach involving its cross-chain bridge. The company made the announcement via a statement on X, confirming that Dyer has vacated his position as Chief Executive Officer of Zilliqa Technology.
Transition Period Without Immediate Replacement
Following Dyer’s departure, Zilliqa has chosen not to appoint a new CEO right away. Instead, the company stated that daily operations will be managed by internal leadership during this transitional phase. They described this period as “interim,” emphasizing a focus on the migration to Zilliqa 2.0, which is a crucial upgrade for the platform. The company expressed its regret over Dyer’s resignation and extended thanks for his contributions, wishing him well in his future endeavors.
Future Leadership Strategy After Upgrade
The company indicated that a “long-term strategy for the company’s leadership” will be established after the completion of the Zilliqa 2.0 migration. This implies that the organization is prioritizing its technical advancements over the immediate need for a new executive leader. Zoltan Fazekas will continue to lead the technical team, as highlighted in the announcement, overseeing protocol development efforts.
Security Incident and Exploit Details
The leadership transition coincides with Zilliqa’s efforts to regain user trust following the recent security breach. On February 6, 2025, Zilliqa’s X-Bridge framework was compromised due to a bug found in one of its token manager contracts. This vulnerability permitted an attacker to generate unauthorized Zilliqa-bridged versions of Ethereum (zETH) and Binance Smart Chain (zBNB) tokens without the necessary asset locks on their home networks. The exploit led to the unauthorized extraction of 531 zETH and 2.2133 zBNB tokens.
Immediate Actions Taken by Zilliqa
After the exploit, the attacker managed to bridge some of the generated tokens back to their native blockchains and exchanged others on ZilSwap, the project’s decentralized exchange, ultimately acquiring around $42,000 in USDT and 0.0718 zWBTC. As the incident unfolded, Dyer took to social media to issue urgent alerts, advising users against interacting with the X-Bridge protocol or trading any zETH on ZilSwap. He underscored the seriousness of the situation, assuring users that the team was actively working to resolve the issue.
Response Measures Implemented
In response to the exploit, Zilliqa’s technical team promptly disabled the bridge relayer and paused the affected token manager contracts to prevent additional unauthorized minting. They also collaborated with Switcheo, the operator of ZilSwap, to suspend all zETH pools, thereby limiting the attacker’s capacity to liquidate the fraudulent tokens. Following the breach, Zilliqa implemented new contracts for zETH and zBNB that preserved legitimate balances based on specific blockchain snapshots, effectively removing any invalid tokens created by the attacker from circulation. Users who engaged with zETH or zBNB after the exploit were offered a support window. Throughout this incident, Dyer remained active in managing public communications, continually urging users to exercise caution and adhere to official guidance.
