Crypto hack leads to $8.4m loss for RWA restaking protocol Zoth
Zoth, a real-world asset (RWA) platform based on Ethereum, suffered an $8.85 million exploit after attackers gained unauthorized access to a private key.
The breach marks the second major security incident for Zoth in a month, highlighting ongoing vulnerabilities in DeFi protocols.
The attacker reportedly compromised the protocol's deployer wallet, allowing them to upgrade the “USD0PPSUBVAULTUPGRADABLE” proxy contract to a contract under their control.
https://twitter.com/cyversalerletts/status/1903021017460600885?ref_src=twsrc%5egoogle%7ctwcamp%5eSerp%7ctwgr%5etweet
This maneuver let them withdraw $8.4 million in the USD0++ stablecoin from Zoth, which was quickly swapped for 8.3 million DAI and moved to an external address.
In response, Zoth has placed its website in maintenance mode and is working with security partners to assess the damage and prevent further exploits.

Proxy contract hack
Proxy contracts, widely used in DeFi for upgradeability, introduce a risk when the private keys that secure them are compromised. The unauthorized upgrade in Zoth's case shows how attackers can manipulate contract logic to redirect funds without resistance.
This breach follows a March 6 exploit in which Zoth lost $285,000 due to a liquidity pool vulnerability. Repeated security failures raise concerns about the platform's risk management and could invite regulatory scrutiny.
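
A defender-side check for the unauthorized proxy upgrade described above, as an added example that is not Zoth's or this article's code: it scans event logs for `Upgraded` events on watched proxies and alerts when the new implementation is not on an approved list. The addresses, approved list and sample logs are constructed, and it assumes the proxy follows ERC-1967 and emits `Upgraded(address indexed implementation)`.

```python
# Added example. Every address, block number and log entry below is constructed.
# keccak256("Upgraded(address)"): the event ERC-1967 proxies emit on each upgrade.
UPGRADED_TOPIC = "0xbc7cd75a20ee27fd9adebab32041f755214dbc6bffa90cc0225b39da2e5c2d3b"

PROXY = "0x" + "11" * 20        # watched proxy (constructed)
GOOD_IMPL = "0x" + "aa" * 20    # implementation that went through review (constructed)
ROGUE_IMPL = "0x" + "bb" * 20   # implementation nobody approved (constructed)


def pad(addr):
    """Encode an address the way it appears as an indexed event topic."""
    return "0x" + "00" * 12 + addr[2:]


def topic_to_address(topic):
    """Return the 20-byte address in a 32-byte topic, or None if malformed."""
    raw = topic.lower()[2:] if topic.lower().startswith("0x") else topic.lower()
    if len(raw) != 64 or raw[:24] != "0" * 24:
        return None
    return "0x" + raw[24:]


def find_unapproved_upgrades(logs, watched_proxies, approved_impls):
    """Alert on Upgraded events from watched proxies whose new implementation
    is not approved. Logs use eth_getLogs field names, block numbers as int."""
    watched = {a.lower() for a in watched_proxies}
    approved = {a.lower() for a in approved_impls}
    alerts = []
    for log in logs:
        topics = [t.lower() for t in log.get("topics", [])]
        if log["address"].lower() not in watched or topics[:1] != [UPGRADED_TOPIC]:
            continue
        impl = topic_to_address(topics[1]) if len(topics) > 1 else None
        if impl not in approved:  # None (undecodable) is alerted on, never skipped
            alerts.append({"proxy": log["address"], "implementation": impl,
                           "block": log["blockNumber"], "tx": log["transactionHash"]})
    return alerts


SAMPLE_LOGS = [  # constructed
    {"address": PROXY, "topics": [UPGRADED_TOPIC, pad(GOOD_IMPL)],
     "blockNumber": 100, "transactionHash": "0x" + "01" * 32},
    {"address": PROXY, "topics": ["0x" + "22" * 32],  # unrelated event
     "blockNumber": 101, "transactionHash": "0x" + "02" * 32},
    {"address": PROXY, "topics": [UPGRADED_TOPIC, pad(ROGUE_IMPL)],
     "blockNumber": 102, "transactionHash": "0x" + "03" * 32},
]

if __name__ == "__main__":
    for alert in find_unapproved_upgrades(SAMPLE_LOGS, [PROXY], [GOOD_IMPL]):
        print("UNAPPROVED UPGRADE", alert)
```

An alert of this kind only shortens detection time; gating the upgrade right behind a multisig or timelock instead of a single deployer key is what prevents one stolen key from swapping the implementation.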