Crypto hack leads to $8.4m loss for RWA restaking protocol Zoth

Bitget App

Trade smarter

Crypto.News2025/03/20 16:00

By:By Micah ZimmermanEdited by Jayson Derrick

Zoth, an Ethereum-based real-world asset platform, has suffered an $8.85 million exploit after attackers gained unauthorized access to a private key.

The breach marks the second major security incident for Zoth in a month, highlighting ongoing vulnerabilities in DeFi protocols.

The attacker reportedly compromised the protocol’s deployer wallet, allowing them to upgrade the “USD0PPSubVaultUpgradeable” proxy contract to a contract under their control.

https://twitter.com/CyversAlerts/status/1903021017460600885?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Etweet

This maneuver helped them to withdraw $8.4 million in Zoth’s USD0++ stablecoin, which was quickly swapped for 8.3 million DAI and moved to an external address.

In response, Zoth has placed its website in maintenance mode and is working with security partners to assess the damage and prevent further exploits.

Crypto hack leads to $8.4m loss for RWA restaking protocol Zoth image 0

Source: Zoth.io

Proxy contract hack

Proxy contracts, widely used in DeFi for upgradability, introduce a risk when private keys securing them are compromised. The unauthorized upgrade in Zoth’s case demonstrates how attackers can manipulate contract logic to reroute funds without resistance.

This breach follows a March 6 exploit in which Zoth lost $285,000 due to a liquidity pool vulnerability. Repeated security failures raise concerns about the platform’s risk management and could invite regulatory scrutiny.

Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.

PoolX: Locked for new tokens.

APR up to 10%. Always on, always get airdrop.

Lock now!