{"id":835904,"date":"2025-03-22T08:11:39","date_gmt":"2025-03-22T13:11:39","guid":{"rendered":"https:\/\/newsycanuse.com\/index.php\/2025\/03\/22\/real-world-asset-rwa-re-staking-protocol-zoth-loses-8-4m-to-hackers\/"},"modified":"2025-03-22T08:11:39","modified_gmt":"2025-03-22T13:11:39","slug":"real-world-asset-rwa-re-staking-protocol-zoth-loses-8-4m-to-hackers","status":"publish","type":"post","link":"https:\/\/newsycanuse.com\/index.php\/2025\/03\/22\/real-world-asset-rwa-re-staking-protocol-zoth-loses-8-4m-to-hackers\/","title":{"rendered":"Real-world asset (RWA) re-staking protocol Zoth loses $8.4M to hackers"},"content":{"rendered":"<div data-site=\"CoinJournal\">\n<div data-site=\"CoinJournal\">\n<picture><source  type=\"image\/webp\" media=\"(min-width: 750px)\"><source  type=\"image\/webp\"><source  type=\"image\/jpeg\" media=\"(min-width: 750px)\"><source  type=\"image\/jpeg\"><img decoding=\"async\" src=\"https:\/\/coinjournal.net\/wp-content\/uploads\/2024\/09\/WazirX-hacker-sends-6.5M-ETH-to-Tornado-Cash.jpg\" alt=\"Real-world asset (RWA) re-staking protocol Zoth loses $8.4M to hackers\" width=\"100%\" height=\"100%\">\n<\/picture>                            <\/div>\n<ul>\n<li>Zoth has lost $8.4M in a hack due to a compromised deployer wallet.<\/li>\n<li>Admin privilege leak is being blamed for the attack.<\/li>\n<li>The attacker swapped stolen USD0++ to DAI and ETH, evading tracking.<\/li>\n<\/ul>\n<p>Zoth, a real-world asset (RWA) re-staking protocol designed to bridge traditional finance with blockchain technology, has suffered an exploit that drained over $8.4 million in crypto assets.<\/p>\n<p>The incident, flagged by blockchain security firm Cyvers just after midday, sent shockwaves through the ecosystem, prompting Zoth to halt operations and place its website into maintenance mode as the team scrambled to respond.<\/p>\n<p>The breach unfolded with alarming speed and precision, exposing vulnerabilities in Zoth\u2019s infrastructure.<\/p>\n<p>According to Cyvers, the protocol\u2019s deployer wallet\u2014the critical administrative backbone of the system\u2014was compromised. Roughly 30 minutes before the hack was detected, an attacker upgraded the \u201cUSD0PPSubVaultUpgradeable\u201d proxy contract to a malicious version, deployed from a suspicious address.<\/p>\n<blockquote data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">????ALERT????Our system has detected a suspicious transaction involving <a href=\"https:\/\/twitter.com\/zothdotio?ref_src=twsrc%5Etfw\">@zothdotio<\/a>. It appears that the protocol&#8217;s deployer wallet has been compromised.<\/p>\n<p>30 minutes ago, the proxy contract &#8220;USD0PPSubVaultUpgradeable&#8221; was upgraded to a contract created by a suspicious address.<br \/>The\u2026 <a href=\"https:\/\/t.co\/3OHmvJYpR5\">pic.twitter.com\/3OHmvJYpR5<\/a><\/p>\n<p>\u2014 ???? Cyvers Alerts ???? (@CyversAlerts) <a href=\"https:\/\/twitter.com\/CyversAlerts\/status\/1903021017460600885?ref_src=twsrc%5Etfw\">March 21, 2025<\/a><\/p>\n<\/blockquote>\n<p>This swift manoeuvre allowed the hacker to bypass existing security measures, granting them instant control over user funds and enabling the withdrawal of $8.4 million worth of USD0++ tokens.<\/p>\n<p>In the minutes following the theft, the attacker wasted no time covering their tracks. The stolen assets were rapidly converted into the DAI stablecoin and funnelled to a separate address, a move designed to obscure the funds\u2019 origins.<\/p>\n<p>Later, as reported by blockchain analytics firm PeckShield, the hacker swapped the assets into Ethereum (ETH), valued at approximately $1,967 per unit at the time, further complicating efforts to trace the loot.<\/p>\n<blockquote data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\"><a href=\"https:\/\/twitter.com\/hashtag\/PeckShieldAlert?src=hash&#038;ref_src=twsrc%5Etfw\">#PeckShieldAlert<\/a> <a href=\"https:\/\/twitter.com\/zothdotio?ref_src=twsrc%5Etfw\">@zothdotio<\/a> hacker has swapped the stolen funds for 4,223 <a href=\"https:\/\/twitter.com\/search?q=%24ETH&#038;src=ctag&#038;ref_src=twsrc%5Etfw\">$ETH<\/a> <a href=\"https:\/\/t.co\/OAlYk1TqJg\">pic.twitter.com\/OAlYk1TqJg<\/a><\/p>\n<p>\u2014 PeckShieldAlert (@PeckShieldAlert) <a href=\"https:\/\/twitter.com\/PeckShieldAlert\/status\/1903040662829768994?ref_src=twsrc%5Etfw\">March 21, 2025<\/a><\/p>\n<\/blockquote>\n<p>This sophisticated sequence of transactions underscored the attacker\u2019s familiarity with DeFi mechanics and their intent to evade recovery attempts.<\/p>\n<h2>Zoth has acknowledged the hack<\/h2>\n<p>Zoth\u2019s team was quick to acknowledge the breach, issuing a security notice on X at 3:02 AM PDT on March 21. They confirmed the incident and assured users that they were investigating with urgency, collaborating with partners to mitigate the fallout.<\/p>\n<p>The platform has vowed to release a comprehensive report once it completes its probe, a promise echoed in its commitment to transparency amid the chaos.<\/p>\n<blockquote data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Security Notice<\/p>\n<p>Our system has experienced a security breach. We\u2019re actively investigating the incident and taking all necessary steps to resolve it as swiftly as possible.<\/p>\n<p>We are working closely with our partners to mitigate the impact and fully resolve the issue. A detailed\u2026<\/p>\n<p>\u2014 ZOTH (@zothdotio) <a href=\"https:\/\/twitter.com\/zothdotio\/status\/1903024419028734265?ref_src=twsrc%5Etfw\">March 21, 2025<\/a><\/p>\n<\/blockquote>\n<p>For a protocol that had raised $4 million in August 2024 to tokenize secure assets like US Treasury Bills, the hack was a stark reminder of the risks lurking in even the most promising DeFi ventures.<\/p>\n<div>\n<hr>\n<h6>Share this article<\/h6>\n<hr>\n<h6>Categories<\/h6>\n<hr>\n<h6>Tags<\/h6>\n<\/p><\/div>\n<\/p><\/div>\n<p><a href=\"https:\/\/coinjournal.net\/news\/real-world-asset-rwa-re-staking-protocol-zoth-loses-8-4m-to-hackers\/\" class=\"button purchase\" rel=\"nofollow noopener\" target=\"_blank\">Read More<\/a><br \/>\n Charles Thuo<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Zoth has lost $8.4M in a hack due to a compromised deployer wallet. Admin privilege leak is being blamed for the attack. The attacker swapped stolen USD0++ to DAI and ETH, evading tracking. Zoth, a real-world asset (RWA) re-staking protocol designed to bridge traditional finance with blockchain technology, has suffered an exploit that drained over<\/p>\n","protected":false},"author":1,"featured_media":835905,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[36181,33937],"tags":[],"class_list":{"0":"post-835904","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-asset","8":"category-real-world"},"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/835904","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/comments?post=835904"}],"version-history":[{"count":0,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/835904\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media\/835905"}],"wp:attachment":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media?parent=835904"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/categories?post=835904"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/tags?post=835904"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}