Zoth協議休息合同被黑客入侵，耗資840萬美元的用戶耗盡了

Zoth協議是一項重點是現實世界資產（RWA）風險的重新制定協議，並在3月21日進行了一次重大利用。違規行為損失了840萬美元。

Yerevan (Coin Chapter) – Zoth protocol, a restaking protocol with exposure to real-world assets, experienced a major exploit on March 21. The breach resulted in a loss of $8.4 million, leading the platform to take its website offline and move to maintenance mode.

埃里萬（Coin Chapter） - Zoth協議是一項重新制定的協議，並在3月21日經歷了重大利用。違規行為損失了840萬美元，導致該平台使其網站離線並轉移到維護模式。

The suspicious activity was flagged by blockchain security firm Cyvers, which traced the issue to the Zoth deployer wallet being compromised. The hacker drained over $8.4 million in assets and quickly converted the funds to DAI stablecoin.

可疑活動是由區塊鏈安全公司的核心標記的，該公司將問題追溯到Zoth Deployer Wallet被妥協。這位黑客排出了超過840萬美元的資產，並將資金迅速轉換為Dai Stablecoin。

The incident began around 3:30 PM (GMT+3) when a suspicious address upgraded one of Zoth’s core contracts, according to Unal, adding that the time difference might vary depending on the time zone.

根據Unal的說法，該事件始於下午3:30（GMT+3），當時可疑地址升級了Zoth的核心合同之一，並補充說，時間差可能會因時區而異。

Later, this upgrade was revealed to be a replacement of a secure contract with a malicious version, granting the attacker control over the system.

後來，該升級被發現是用惡意版本的安全合同的替換，從而授予了攻擊者對系統的控制。

“This method bypassed standard security mechanisms and gave full and immediate control over user funds,” Unal noted.

Unal指出：“這種方法繞過了標準安全機制，並對用戶資金產生了全面而直接的控制。”

The new unlinked address quickly moved the stolen funds and began converting them. According to Cyvers, the attacker quickly swapped the assets into DAI and transferred them to another wallet.

新的未鏈接地址迅速轉移了被盜的資金，並開始轉換它們。據Cymers稱，攻擊者迅速將資產交換為DAI，並將其轉移到另一個錢包中。

Later, blockchain firm PeckShield reported that the attacker swapped the DAI for Ether (ETH). The new address used for the swap was not linked to any centralized exchange or DeFi protocol.

後來，區塊鏈公司Peckshield報告說，攻擊者將DAI換成Ether（ETH）。用於交換的新地址沒有鏈接到任何集中式交換或FEFI協議。

The incident occurred despite the presence of a multisig setup for the admin key, which usually requires multiple parties to authorize any significant changes to the protocol. However, in this case, it appears that the attacker managed to gain access to the admin key and executed the upgrade without authorization from other parties in the multisig.

儘管存在用於管理密鑰的Multisig設置，該事件還是發生了，通常需要多方授權對協議進行任何重大更改。但是，在這種情況下，攻擊者似乎設法訪問了管理密鑰並執行了升級，而無需在Multisig中其他方面授權。

The admin key is a crucial security component of any DeFi protocol, as it grants the holder the highest level of authority over the protocol's operations.

管理密鑰是任何FEFI協議的至關重要的安全組件，因為它使持有人對協議運營的最高授權水平。

The exploitation of this key signifies a severe breach of security and a significant setback for the DeFi ecosystem.

對此鍵的開發表明，嚴重違反了安全性和對Defi生態系統的重大挫折。

As of yet, there is no confirmation yet on whether user funds will be recovered. Zoth protocol stated it is investigating the issue. The platform promised to release a full report once the internal review is complete.

到目前為止，尚無確認是否會恢復用戶資金。 Zoth協議指出，它正在研究該問題。該平台承諾在內部審查完成後發布完整的報告。