
Zoth Loses $8.4M in Exploit With Admin Privilege Breach
Real-world asset (RWA) restaking protocol Zoth lost over $8.4 million on March 21 to a hacker who took over admin privileges. The protocol then entered maintenance mode after the investigations were conducted.
Cyvers Warns of Exploit, Traces Stolen Funds
Blockchain security firm Cyvers first detected the breach, flagging a suspicious transaction from Zoth’s deployer wallet. The attacker promptly exchanged the stolen funds for DAI stablecoin and transferred them to another wallet.
Zoth Responds to Breach, Prepares Full Report
Zoth acknowledged the attack in a security advisory, assuring users that it is working diligently to address the issue. The company is working with its partners to reduce the loss and promised to publish a post-mortem report after completing its investigation.
Funds Transferred to Ether, Activity Tracked
PeckShield says the hacker subsequently transferred the stolen funds and swapped them for Ether (ETH). The transfer complicates asset tracing and recovery.
Admin Privilege Leak Likely Cause
Hakan Unal, senior lead in SOC at Cyvers, said that the attack was likely caused by leaked admin privileges. About 30 minutes prior to the exploit, a Zoth contract had been upgraded by an illicit address, putting the attacker in command of the protocol.
“This method circumvented traditional security and provided the attacker with total control of user funds at once,” said Unal.
Experts Recommend Safer Security Habits
Unal highlighted that multisig upgrades, timelocks, and real-time admin alerts can be used to prevent such attacks. He warned that admin key compromises are still a “major risk” for DeFi protocols.
“Without decentralized upgrade mechanisms, attackers will continue to target privileged roles,” Unal added.
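As an illustration of the real-time admin alerts and timelocks mentioned above, the following added example (not from Zoth, Cyvers or PeckShield) flags EIP-1967 proxy `Upgraded` events whose transaction did not go through a timelock or whose implementation was not queued for the full delay. The addresses, the 48-hour delay, the `QUEUED` registry and the joined record layout are all assumptions made for illustration.

```python
# topic0 of the EIP-1967 proxy event Upgraded(address indexed implementation)
UPGRADED_TOPIC = "0xbc7cd75a20ee27fd9adebab32041f755214dbc6bffa90cc0225b39da2e5c2d3b"

# Assumptions for illustration: placeholder values, not Zoth's real addresses.
TIMELOCK = "0x" + "11" * 20                 # contract every upgrade must pass through
MIN_DELAY = 48 * 3600                       # seconds an upgrade must stay queued
QUEUED = {"0x" + "aa" * 20: 1_700_000_000}  # implementation -> time it was queued

def topic_to_address(topic):
    """An indexed address is left-padded to 32 bytes; keep the last 20."""
    return "0x" + topic[-40:].lower()

def check_upgrade(rec):
    """Return alert reasons for one log record (empty list: nothing to report)."""
    topics = rec["topics"]
    if len(topics) < 2 or topics[0].lower() != UPGRADED_TOPIC:
        return []                           # not a proxy upgrade event
    impl = topic_to_address(topics[1])
    reasons = []
    if rec["tx_to"].lower() != TIMELOCK:
        reasons.append("upgrade transaction bypassed the timelock")
    queued_at = QUEUED.get(impl)
    if queued_at is None:
        reasons.append("implementation was never queued")
    elif rec["timestamp"] - queued_at < MIN_DELAY:
        reasons.append("timelock delay has not elapsed")
    return reasons

def scan(records):
    """tx hash -> reasons, for every record that raises an alert."""
    checked = {r["tx_hash"]: check_upgrade(r) for r in records}
    return {tx: why for tx, why in checked.items() if why}

def pad(addr):                              # address -> 32-byte topic
    return "0x" + "00" * 12 + addr[2:]

# Constructed sample records: a log joined with its transaction and block time.
SAMPLE = [
    {"tx_hash": "0x01", "tx_to": TIMELOCK, "timestamp": 1_700_000_000 + MIN_DELAY,
     "topics": [UPGRADED_TOPIC, pad("0x" + "aa" * 20)]},
    {"tx_hash": "0x02", "tx_to": "0x" + "22" * 20, "timestamp": 1_700_500_000,
     "topics": [UPGRADED_TOPIC, pad("0x" + "bb" * 20)]},
    {"tx_hash": "0x03", "tx_to": "0x" + "22" * 20, "timestamp": 1_700_500_000,
     "topics": ["0x" + "00" * 32]},
]

if __name__ == "__main__":
    for tx, why in scan(SAMPLE).items():
        print(tx, "ALERT:", "; ".join(why))
```

A monitor like this is only useful if it runs on every new block and pages a human, since the article puts the window between the upgrade and the exploit at about 30 minutes.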