Hacker steals $8.4M from RWA restaking protocol Zoth
Real-world asset (RWA) re-staking protocol Zoth suffered an exploit leading to over $8.4 million in losses, leading the platform to put its site on maintenance mode. On March 21, blockchain security firm Cyvers flagged a...
Archive context
Older archive item. Useful for background and entity history, but not a fresh market-moving signal.
Real-world asset (RWA) re-staking protocol Zoth suffered an exploit leading to over $8.4 million in losses, leading the platform to put its site on maintenance mode.
On March 21, blockchain security firm Cyvers flagged a suspicious Zoth transaction. The security firm said that the protocol’s deployer wallet was compromised and that the attacker withdrew over $8.4 million in crypto assets.
The blockchain security firm said that within minutes, the stolen assets were converted into the DAI stablecoin and were transferred to a different address.
Cyvers added the protocol’s website had been maintained in response to the incident. In a security notice, the platform confirmed that it had a security breach. The protocol said it’s working to resolve the problem as soon as possible.
The Zoth team said it worked with its partners to “mitigate the impact” and fully resolve the situation. The platform promised to publish a detailed report once its investigation is completed.
Since the hack, the attackers have moved the funds and swapped the assets into Ether (ETH), according to PeckShield.
Hacker moves stolen funds. Source: Peckshield
Related: SMS scammers posing as Binance have an even trickier way to fool victims
Hack likely caused by admin privilege leakIn a statement, the Cyvers team said the incident highlights vulnerabilities in smart contract protocols and the need for better security.
Cyvers Alerts senior SOC lead Hakan Unal told Cointelegraph that a leak in admin privileges likely caused the hack. Unal said that about 30 minutes before the hack was detected, a Zoth contract was upgraded to a malicious version deployed by a suspicious address.
“Unlike typical exploits, this method bypassed security mechanisms and gave full control over user funds instantly,” the security professional said.
The security professional told Cointelegraph that this type of attack could be prevented by implementing multisig contract upgrades to prevent single-point failures, adding timelocks on upgrades to allow monitoring and placing real-time alerts for admin role changes. Unal added that better key management is also advised to prevent unauthorized access.
While the attack could be prevented, Unal believes that this type of attack may continue to be a problem in decentralized finance (DeFi). The security professional told Cointelegraph that admin key compromises remain a “major risk” in the DeFi ecosystem.
“Without decentralized upgrade mechanisms, attackers will continue targeting privileged roles to take over protocols,” Unal added.
Magazine: Memecoins are ded — But Solana ‘100x better’ despite revenue plunge
Why this matters
This blockchain story adds another data point to the current market tape and is useful when read alongside nearby source coverage.
Original source
Read on CointelegraphRelated market context
Across Protocol confirms Solana bridge attack, says user funds are safe
Across Protocol confirmed an attack on its Solana bridge deployment, disabling deposits while assuring users their funds remain sa...
Bitmine nears its Ethereum buying limit – Now it needs demand to make the bet pay off
Bitmine plans to slow its Ethereum purchases as its holdings approach 5% of the cryptocurrency’s supply, ending a year of rapid ac...
Dutch crypto exchange collapses exposing customer balances’ true value amid multi-million-euro hole
Dutch crypto exchange Knaken's operating company and its affiliated payments foundation entered court-controlled bankruptcy on Jul...
Citadel backs two rival crypto exchanges with $600 million as both chase the same Wall Street prize
Citadel Securities, the Wall Street market maker, now has $600 million in announced strategic investments across two rival crypto...
SEC E-Delivery Plan Could Change How Crypto Fund Disclosures Reach Investors
The SEC is pushing further into electronic delivery for investment disclosures, a move that could matter for crypto funds as much...
Trump aide allegedly made $100K betting on 12 speeches before anyone knew – then Kalshi stepped in
The White House placed longtime teleprompter operator Gabriel Perez on unpaid administrative leave on July 16 after ABC News repor...