Actual-world belongings (RWA) restaking protocol Zoth has fallen sufferer to a safety breach, ensuing within the lack of roughly $8.4 million in crypto belongings.
On March 21, the blockchain safety agency Cyvers Alerts reported the incident, indicating a compromised deployer pockets as the foundation trigger.
ALERT
half-hour in the past, the proxy contract "USD0PPSubVaultUpgradeable" was upgraded to a contract created by a suspicious tackle.
The… pic.twitter.com/3OHmvJYpR5—
Exploit Triggered by Contract Improve
Based on Cyvers Alerts, the assault was preceded by an improve to a proxy contract named “USD0PPSubVaultUpgradeable,” linked to an tackle related to the suspected attacker.
Shortly thereafter, the attacker drained $8.4 million within the protocol’s USD0++ stablecoin.
The stolen funds have been quickly transformed into the DAI stablecoin and transferred to a separate tackle.
Following the hack, the attackers have moved the funds and swapped the belongings into Ether (ETH), in accordance with PeckShield.
#PeckShieldAlert @zothdotio hacker has swapped the stolen funds for 4,223 $ETH pic.twitter.com/OAlYk1TqJg
— PeckShieldAlert (@PeckShieldAlert) March 21, 2025
In response to the breach, Zoth’s web site was taken offline and is presently beneath upkeep.
Zoth issued an announcement on X acknowledging the safety breach, stating, “Our system has skilled a safety breach. We’re working intently with our companions to mitigate the affect and absolutely resolve the problem. An in depth report with a transparent view will likely be shared as soon as the investigation is full.”
Safety Discover
Our system has skilled a safety breach. We’re actively investigating the incident and taking all obligatory steps to resolve it as swiftly as doable.
We’re working intently with our companions to mitigate the affect and absolutely resolve the problem. An in depth…
— ZOTH (@zothdotio) March 21, 2025
The group stays vigilant as Zoth works to handle the safety breach. Additional updates are anticipated because the investigation progresses.
Zoth’s Launch and Funding Particulars
Zoth, based in January 2023 by Pritam Dutta and Koushik Bhargav, secured $4 million in funding in August 2024 to launch its tokenized liquid be aware, backed by US Treasury Payments and top-rated company bonds.
The funding spherical attracted assist from notable buyers together with Borderless, Blockchain Founders Fund, Taisu Ventures, G20, Fats Cat Ventures, GemHead Capital, and angels from Coinbase and Hedera, in addition to a grant from Ripple’s XRPL Basis.
Saying: We've prolonged our increase to $4M in a strategic funding spherical to convey institutional-grade yield avenues onchain
The funds will assist us construct a multichain #RWA ecosystem in preparation for Zoth's upcoming public providing.
Particulars
https://t.co/keFTcmaRbJ pic.twitter.com/RGcY98iKLX
— ZOTH (@zothdotio) August 5, 2024
Zoth’s core product is ZeUSD, a stablecoin absolutely backed by Zoth Tokenized Liquid Notes (ZTLN), with its reserve anchored by RWAs issued on ZothFI.
Rising Crypto Safety Issues
The Zoth incident provides to a regarding pattern of safety breaches inside the crypto area.
Notably, February 2025 has been marked as a very devastating month, with hackers reportedly extracting over $1.5 billion throughout simply 4 high-value exploits.
This unprecedented stage of theft was largely attributed to the Lazarus Group’s subtle assault on the Bybit alternate, the place they employed social engineering techniques to deploy a malicious model of the Secure UI, siphoning off over $1.46 billion.
This single exploit dwarfed earlier heists, exceeding the notorious Ronin Community hack by a big margin.
Past the Bybit breach, different notable incidents in February 2025 confirmed the varied vulnerabilities inside decentralized finance (DeFi).
Ionic Cash, a decentralised non-custodial cash market protocol, suffered an $8.6 million loss on account of a social engineering assault involving the manipulation of LBTC collateral.
zkLend, a lending platform on Starknet, fell sufferer to a $9.5 million exploit stemming from a rounding error in its good contract.
Moreover, Hong Kong-based stablecoin digital financial institution Infini skilled a virtually $50 million leak orchestrated by a former rogue developer utilizing a compromised personal key with elevated privileges.
These incidents spotlight the continued safety challenges confronted by DeFi protocols and present the significance of rigorous safety audits and proactive measures to guard consumer funds.
The publish RWA Restaking Protocol Zoth Suffers $8.4M Exploit, Attacker Converts Funds to DAI appeared first on Cryptonews.