Real-world asset (RWA) re-staking protocol Zoth suffers exploit, leading to over $8.4 million in losses
Real-world asset (RWA) re-staking protocol Zoth suffered an exploit leading to over $8.4 million in losses, prompting the platform to put its site in maintenance mode.
On March 21, blockchain security firm Cyvers flagged a suspicious Zoth transaction. The security firm revealed that the protocol’s deployer wallet had been compromised and that the attacker withdrew over $8.4 million in crypto assets.
The blockchain security firm reported that within minutes, the stolen assets were converted into the DAI stablecoin and transferred to a different address.
Cyvers added that the protocol’s website had been placed in maintenance mode in response to the incident. In a security notice, the platform confirmed that it had experienced a security breach. The protocol stated that it was working to resolve the issue as soon as possible.
The Zoth team mentioned that they were collaborating with their partners to “mitigate the impact” and fully resolve the situation. The platform promised to release a detailed report once the investigation is completed.
Since the hack, the attackers have moved the funds and swapped the assets into Ether (ETH), according to PeckShield.
Hack likely caused by admin privilege leak
In a statement, the Cyvers team highlighted the vulnerabilities in smart contract protocols and the need for enhanced security.
Cyvers Alerts senior SOC lead Hakan Unal told Cointelegraph that a leak in admin privileges likely caused the hack. Unal explained that about 30 minutes before the hack was detected, a Zoth contract was upgraded to a malicious version deployed by a suspicious address.
“Unlike typical exploits, this method bypassed security mechanisms and gave full control over user funds instantly,” the security professional said.
The security expert further explained that this type of attack could be prevented by implementing multisig contract upgrades to avoid single-point failures, adding timelocks on upgrades to allow for monitoring, and placing real-time alerts for admin role changes. Unal also recommended better key management to prevent unauthorized access.
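The controls Unal lists (timelocked upgrades, an allowlist of who may deploy implementation code, alerts on admin role changes) can be checked from the chain's own event stream. The following added example is not Cyvers' or Zoth's tooling; the event names, the policy values, the deployer lookup table and the sample event stream are all constructed for illustration.

```python
# Added example (not Cyvers' or Zoth's tooling): flag proxy upgrades that skip
# the timelock, point at code from an unknown deployer, or change privileged
# roles. Every name and value below is hypothetical / constructed.

TRUSTED_DEPLOYERS = {"0xTEAMDEPLOYER"}   # hypothetical allowlist of deployer keys
MIN_DELAY_BLOCKS = 100                    # hypothetical timelock delay in blocks
# Hypothetical lookup: implementation address -> address that created it
IMPL_DEPLOYER = {"0xIMPLv2": "0xTEAMDEPLOYER", "0xIMPLevil": "0xSUSPECT"}

# Constructed decoded-log stream in block order (not real chain data)
SAMPLE_EVENTS = [
    {"block": 1000, "contract": "0xVAULT", "name": "UpgradeScheduled", "impl": "0xIMPLv2"},
    {"block": 1200, "contract": "0xVAULT", "name": "Upgraded", "impl": "0xIMPLv2"},
    {"block": 5000, "contract": "0xVAULT", "name": "AdminChanged", "new": "0xSUSPECT"},
    {"block": 5001, "contract": "0xVAULT", "name": "Upgraded", "impl": "0xIMPLevil"},
]


def find_alerts(events, trusted=TRUSTED_DEPLOYERS, min_delay=MIN_DELAY_BLOCKS,
                impl_deployer=IMPL_DEPLOYER):
    """Return one alert string per policy violation found in the event stream."""
    alerts = []
    scheduled = {}  # (contract, impl) -> block at which the upgrade was queued
    for ev in events:
        key = (ev["contract"], ev.get("impl"))
        if ev["name"] == "UpgradeScheduled":
            scheduled[key] = ev["block"]
        elif ev["name"] == "Upgraded":
            queued = scheduled.get(key)
            if queued is None:
                # No scheduling event at all: the timelock was bypassed
                alerts.append(f"{ev['contract']}: upgrade to {ev['impl']} bypassed timelock")
            elif ev["block"] - queued < min_delay:
                alerts.append(f"{ev['contract']}: upgrade to {ev['impl']} executed early")
            if impl_deployer.get(ev["impl"]) not in trusted:
                alerts.append(f"{ev['contract']}: {ev['impl']} deployed by untrusted address")
        elif ev["name"] in ("AdminChanged", "OwnershipTransferred", "RoleGranted"):
            # Any privileged role change is worth a page, even when legitimate
            alerts.append(f"{ev['contract']}: role change {ev['name']} -> {ev.get('new')}")
    return alerts


if __name__ == "__main__":
    for line in find_alerts(SAMPLE_EVENTS):
        print("ALERT", line)
```

On the constructed stream the first upgrade passes (queued 200 blocks ahead by a trusted deployer) while the admin change and the unscheduled upgrade to an untrusted implementation each raise alerts.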
While the attack could have been prevented, Unal believes that this type of attack may remain a problem in decentralized finance (DeFi). The security professional told Cointelegraph that admin key compromises continue to pose a “major risk” within the DeFi ecosystem.
“Without decentralized upgrade mechanisms, attackers will continue targeting privileged roles to take over protocols,” Unal added.