Zoth Protocol Resting Contract Hacked, $8.4 Million of Users' Funds Drained

Zoth protocol, a restaking protocol focused on real-world asset (RWA) exposure, experienced a major exploit on March 21. The breach resulted in a loss of $8.4 million.

Yerevan (Coin Chapter) – Zoth protocol, a restaking protocol with exposure to real-world assets, experienced a major exploit on March 21. The breach resulted in a loss of $8.4 million, leading the platform to take its website offline and move to maintenance mode.

The suspicious activity was flagged by blockchain security firm Cyvers, which traced the issue to the Zoth deployer wallet being compromised. The hacker drained over $8.4 million in assets and quickly converted the funds to DAI stablecoin.

The incident began around 3:30 PM (GMT+3) when a suspicious address upgraded one of Zoth’s core contracts, according to Unal, adding that the time difference might vary depending on the time zone.

Later, this upgrade was revealed to be a replacement of a secure contract with a malicious version, granting the attacker control over the system.

“This method bypassed standard security mechanisms and gave full and immediate control over user funds,” Unal noted.

The new unlinked address quickly moved the stolen funds and began converting them. According to Cyvers, the attacker quickly swapped the assets into DAI and transferred them to another wallet.

Later, blockchain firm PeckShield reported that the attacker swapped the DAI for Ether (ETH). The new address used for the swap was not linked to any centralized exchange or DeFi protocol.

The incident occurred despite the presence of a multisig setup for the admin key, which usually requires multiple parties to authorize any significant changes to the protocol. However, in this case, it appears that the attacker managed to gain access to the admin key and executed the upgrade without authorization from other parties in the multisig.

The admin key is a crucial security component of any DeFi protocol, as it grants the holder the highest level of authority over the protocol's operations.

The exploitation of this key signifies a severe breach of security and a significant setback for the DeFi ecosystem.

As of yet, there is no confirmation yet on whether user funds will be recovered. Zoth protocol stated it is investigating the issue. The platform promised to release a full report once the internal review is complete.