What security vulnerabilities led to the compromise of Zoth’s deployer wallet? How did the attacker manage to execute the breach, and what steps did they take to convert the stolen funds? What measures has Zoth implemented in response to the security breach, and what is the current status of its operations? How does the Zoth incident compare to other significant security breaches in the crypto space during February 2025? What lessons can be learned from the Zoth hack regarding the importance of cybersecurity in decentralized finance?
Real-world assets (RWA) restaking protocol Zoth has fallen victim to a security breach, resulting in the loss of approximately $8.4 million in crypto assets. On March 21, the blockchain security firm Cyvers Alerts reported the incident, indicating a compromised deployer wallet as the root cause.
According to Cyvers Alerts, the attack was preceded by an upgrade to a proxy contract named "USD0PPSubVaultUpgradeable," linked to an address associated with the suspected attacker. Shortly thereafter, the attacker drained $8.4 million in the protocol’s USD0++ stablecoin. The stolen funds were rapidly converted into the DAI stablecoin and transferred to a separate address. Following the hack, the attackers have moved the funds and swapped the assets into Ether (ETH), according to PeckShield.
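The sequence reported above, a proxy upgrade followed shortly by a large outflow, is a pattern a monitoring job can correlate. The sketch below is an added example, not code from Zoth, Cyvers or PeckShield. It assumes events already decoded by an indexer and that the proxy emits an `Upgraded` event and the token a standard `Transfer` event; all addresses, amounts, the block window and the threshold are constructed placeholders.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    block: int
    contract: str  # address that emitted the event
    name: str      # decoded event name
    args: dict

def correlate(events, proxy, approved_impls, window_blocks, min_outflow):
    """Flag upgrades to unapproved implementations and large outflows
    from the proxy within `window_blocks` of such an upgrade."""
    proxy = proxy.lower()
    approved = {a.lower() for a in approved_impls}
    alerts, suspect_block = [], None
    for ev in sorted(events, key=lambda e: e.block):
        if ev.name == "Upgraded" and ev.contract.lower() == proxy:
            impl = ev.args["implementation"].lower()
            if impl in approved:
                suspect_block = None  # a reviewed upgrade clears the state
            else:
                suspect_block = ev.block
                alerts.append(("UNAPPROVED_UPGRADE", ev.block, impl))
        elif ev.name == "Transfer" and suspect_block is not None:
            in_window = ev.block - suspect_block <= window_blocks
            if (ev.args["from"].lower() == proxy and in_window
                    and ev.args["value"] >= min_outflow):
                alerts.append(("OUTFLOW_AFTER_UPGRADE", ev.block,
                               ev.args["to"].lower(), ev.args["value"]))
    return alerts

# Constructed sample data; every address is a placeholder, not a real one.
PROXY, TOKEN = "0xproxy", "0xtoken"
SAMPLE = [
    Event(100, PROXY, "Upgraded", {"implementation": "0xIMPL_V2"}),
    Event(105, TOKEN, "Transfer", {"from": PROXY, "to": "0xuser", "value": 9_000_000}),
    Event(200, PROXY, "Upgraded", {"implementation": "0xunknown"}),
    Event(203, TOKEN, "Transfer", {"from": PROXY, "to": "0xdest", "value": 8_400_000}),
    Event(204, TOKEN, "Transfer", {"from": PROXY, "to": "0xdest", "value": 10}),
    Event(900, TOKEN, "Transfer", {"from": PROXY, "to": "0xdest", "value": 5_000_000}),
]

def run_sample():
    return correlate(SAMPLE, PROXY, {"0ximpl_v2"}, window_blocks=50,
                     min_outflow=1_000_000)

if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

The allowlist of approved implementations is the control that matters here: an upgrade signed by a compromised deployer key looks valid on-chain, so the alert has to come from comparing the new implementation against what the team actually reviewed.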
In response to the breach, Zoth’s website was taken offline and is currently under maintenance. Zoth issued a statement on X acknowledging the security breach, stating, “Our system has experienced a security breach. We are working closely with our partners to mitigate the impact and fully resolve the issue. A detailed report with a clear view will be shared once the investigation is complete.”
The community remains vigilant as Zoth works to address the security breach. Further updates are expected as the investigation progresses.
Zoth, founded in January 2023 by Pritam Dutta and Koushik Bhargav, secured $4 million in funding in August 2024 to launch its tokenized liquid note, backed by US Treasury Bills and top-rated corporate bonds. The funding round attracted support from notable investors including Borderless, Blockchain Founders Fund, Taisu Ventures, G20, Fat Cat Ventures, GemHead Capital, and angels from Coinbase and Hedera, as well as a grant from Ripple’s XRPL Foundation.
Zoth’s core product is ZeUSD, a stablecoin fully backed by Zoth Tokenized Liquid Notes (ZTLN), with its reserve anchored by RWAs issued on ZothFI.
The Zoth incident adds to a concerning trend of security breaches within the crypto space. Notably, February 2025 has been marked as a particularly devastating month, with hackers reportedly extracting over $1.5 billion across just four high-value exploits. This unprecedented level of theft was largely attributed to the Lazarus Group’s sophisticated attack on the Bybit exchange, where they employed social engineering tactics to deploy a malicious version of the Safe UI, siphoning off over $1.46 billion.
Beyond the Bybit breach, other notable incidents in February 2025 showed the diverse vulnerabilities within decentralized finance (DeFi). Ionic Money, a decentralised non-custodial money market protocol, suffered an $8.6 million loss due to a social engineering attack involving the manipulation of LBTC collateral. zkLend, a lending platform on Starknet, fell victim to a $9.5 million exploit stemming from a rounding error in its smart contract. Additionally, Hong Kong-based stablecoin digital bank Infini experienced a nearly $50 million leak orchestrated by a former rogue developer using a compromised private key with elevated privileges.
These incidents highlight the ongoing security challenges faced by DeFi protocols and show the importance of rigorous security audits and proactive measures to protect user funds.
The post RWA Restaking Protocol Zoth Suffers $8.4M Exploit, Attacker Converts Funds to DAI appeared first on Cryptonews.
RWA Restaking Protocol Zoth Suffers $8.4M Exploit; Attacker Converts Funds to DAI
In the rapidly evolving landscape of decentralized finance (DeFi), security vulnerabilities remain a significant challenge for protocols and their users alike. The recent exploit of the RWA (Real-World Assets) restaking protocol, Zoth, has sent shockwaves throughout the DeFi community, highlighting the persistent risks inherent in blockchain technology. The exploit, which transpired late last week, has resulted in the unauthorized draining of approximately $8.4 million worth of assets, raising serious concerns about the security measures employed by DeFi projects.
Understanding Zoth
Zoth was designed to unlock the potential of real-world assets in the DeFi ecosystem. Its innovative restaking feature aimed to future-proof the decentralized finance sector by allowing users to restake their assets backed by verifiable real-world collateral. By bridging the gap between traditional assets and digital finance, Zoth sought to attract a wide range of users, including those who may have been hesitant to enter the DeFi space due to concerns about asset volatility and security.
However, as Zoth gained traction, it became a target for malicious actors who were keen to exploit vulnerabilities in its infrastructure. The protocol’s architectural complexity, which was intended to facilitate a more robust DeFi environment, inadvertently opened doors for exploitation.
The Exploit: What Happened?
Details surrounding the exploit are still emerging, but preliminary analysis indicates that the attacker leveraged a vulnerability in Zoth’s smart contracts. Initially, the attacker executed a series of calls that deceived the protocol into executing unauthorized transactions. By manipulating these smart contracts, the perpetrator was able to siphon off funds from users’ wallets, routing them to an external address.
The breach was discovered shortly after the exploit occurred, prompting immediate action from Zoth’s development team and community. However, by the time alerts were raised, the attacker had already managed to convert a significant portion of the stolen assets into DAI, a widely used decentralized stablecoin on the Ethereum blockchain. This conversion is notable, as DAI tends to maintain a stable value relatively close to one U.S. dollar, making it a desirable asset for laundering stolen funds.
Community Reaction and Response
The aftermath of the exploit sparked outrage and disappointment within the community, particularly among those who had invested their assets into the Zoth protocol. Users demanded transparency from Zoth’s team, seeking clarification on how such a vulnerability could have existed within their system. Many users expressed their frustration on social media, articulating fears that the incident would lead to a broader decline in trust within the DeFi space.
In response to the exploit, Zoth’s developers launched an investigation into the incident, enlisting security experts to audit the code and identify the vulnerability exploited by the attacker. A core priority for the team was to mitigate further risks, particularly in the short term, to safeguard the remaining assets within the protocol. Additionally, the team announced plans to implement critical updates and patches to prevent similar attacks in the future.
Broader Implications for DeFi Security
The Zoth exploit is a stark reminder of the security challenges that remain pervasive in the decentralized finance sector. As more protocols innovate and expand their offerings, they often do so at the risk of introducing vulnerabilities into their systems. The incident underscores the need for rigorous code audits, comprehensive testing, and adherence to best practices for smart contract security.
DeFi protocols should prioritize transparency and communication with their communities, especially in the aftermath of an exploit. Engaging users in discussions about the measures being taken to enhance security can help rebuild trust and foster a sense of safety among participants in the ecosystem. The Zoth incident highlights the necessity for continuous education and awareness regarding security practices among users, developers, and investors alike.
The Road Ahead
As Zoth begins the arduous process of recovery from this exploit, the broader DeFi community must also reflect on the lessons learned from this incident. A collaborative effort to enhance security standards, coupled with ongoing dialogues about risks and mitigations, will be essential for progressing towards a more secure and resilient DeFi landscape.
Investors in the protocol, as well as others in the DeFi space, should remain vigilant and proactively seek information regarding the protocols they choose to engage with. As DeFi continues to mature, it will be critical for projects like Zoth to demonstrate their commitment to security and community engagement in order to regain trust and establish themselves as viable players in the crypto economy.
In conclusion, while the $8.4 million exploit of Zoth is disheartening, it serves as an important catalyst for discussion and reform within DeFi. With concerted effort and determination, the industry can evolve, learn from past mistakes, and strive toward a more secure future for all participants.
The RWA Restaking Protocol Zoth has recently faced a significant security breach, resulting in an exploit that led to the theft of approximately $8.4 million. In a surprising turn of events, the attacker managed to convert the stolen funds into DAI, a widely used stablecoin.
This incident highlights the vulnerabilities present in decentralized finance platforms and the ongoing challenges they face in securing user funds. The rapid devaluation and conversion of crypto assets by malicious actors underscore the necessity for enhanced security measures and auditing processes in the blockchain space to protect against future attacks. The Zoth team will likely need to reassess their security protocols and engage with the community to recover from this incident and rebuild trust.
As the situation develops, the implications of this exploit will resonate throughout the DeFi ecosystem, prompting discussions on measures to mitigate risks and enhance the resilience of such protocols against similar threats.
