Real-world assets (RWA) restaking protocol Zoth has fallen victim to a security breach, resulting in the loss of approximately $8.4 million in crypto assets.
On March 21, the blockchain security firm Cyvers Alerts reported the incident, indicating a compromised deployer wallet as the root cause.
ALERT: Our system has detected a suspicious transaction involving @zothdotio. It appears that the protocol’s deployer wallet has been compromised.
30 minutes ago, the proxy contract “USD0PPSubVaultUpgradeable” was upgraded to a contract created by a suspicious address.
The… pic.twitter.com/3OHmvJYpR5
— Cyvers Alerts (@CyversAlerts) March 21, 2025
Exploit Triggered by Contract Upgrade
According to Cyvers Alerts, the attack was preceded by an upgrade to a proxy contract named “USD0PPSubVaultUpgradeable,” linked to an address associated with the suspected attacker.
Shortly thereafter, the attacker drained $8.4 million in the protocol’s USD0++ stablecoin.
The stolen funds were rapidly converted into the DAI stablecoin and transferred to a separate address.
Following the hack, the attackers have moved the funds and swapped the assets into Ether (ETH), according to PeckShield.
#PeckShieldAlert @zothdotio hacker has swapped the stolen funds for 4,223 $ETH pic.twitter.com/OAlYk1TqJg
— PeckShieldAlert (@PeckShieldAlert) March 21, 2025
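The sequence reported above, a proxy upgraded to an implementation nobody reviewed and then a large outflow, is something a protocol team can watch for in event logs. The Python below is an added example, not code from Zoth, Cyvers or this article; it assumes the proxy emits the ERC-1967 `Upgraded(address)` event and that the vault's asset is an ERC-20 token, and every address, amount and log entry in it is a constructed placeholder.

```python
# Added example: constructed addresses and logs, not data from the incident.
UPGRADED = "0xbc7cd75a20ee27fd9adebab32041f755214dbc6bffa90cc0225b39da2e5c2d3b"  # keccak256("Upgraded(address)")
TRANSFER = "0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef"  # keccak256("Transfer(address,address,uint256)")

def addr_topic(addr):
    """Encode an address as an indexed topic (left-padded to 32 bytes)."""
    return "0x" + "0" * 24 + addr[2:].lower()

def topic_addr(topic):
    """Decode an indexed address topic: keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def detect(logs, proxy, approved_impls, drain_threshold, window_secs=3600):
    """Alert on upgrades of `proxy` to an implementation outside the allowlist,
    and on large token transfers out of it within window_secs of such an upgrade."""
    alerts, tainted_since = [], None
    approved = {a.lower() for a in approved_impls}
    proxy = proxy.lower()
    for log in sorted(logs, key=lambda l: (l["timestamp"], l["log_index"])):
        topics = log["topics"]
        if topics[0] == UPGRADED and log["address"].lower() == proxy:
            impl = topic_addr(topics[1])
            if impl in approved:
                tainted_since = None  # back on a reviewed implementation
            else:
                tainted_since = log["timestamp"]
                alerts.append(("UNAPPROVED_UPGRADE", impl, log["timestamp"]))
        elif topics[0] == TRANSFER and len(topics) == 3 and tainted_since is not None:
            amount = int(log["data"], 16)  # ERC-20 value is the only non-indexed field
            recent = log["timestamp"] - tainted_since <= window_secs
            if topic_addr(topics[1]) == proxy and amount >= drain_threshold and recent:
                alerts.append(("OUTFLOW_AFTER_UPGRADE", amount, log["timestamp"]))
    return alerts

PROXY, GOOD_IMPL, ROGUE_IMPL, TOKEN, SINK = ("0x" + c * 40 for c in "12345")  # placeholders
DRAIN = 8_400_000 * 10**18  # constructed amount in token base units
SAMPLE_LOGS = [
    {"address": TOKEN, "timestamp": 1000, "log_index": 0, "data": hex(5_000 * 10**18),
     "topics": [TRANSFER, addr_topic(PROXY), addr_topic(SINK)]},  # routine withdrawal
    {"address": PROXY, "timestamp": 2000, "log_index": 0, "data": "0x",
     "topics": [UPGRADED, addr_topic(ROGUE_IMPL)]},               # unreviewed upgrade
    {"address": TOKEN, "timestamp": 2600, "log_index": 0, "data": hex(DRAIN),
     "topics": [TRANSFER, addr_topic(PROXY), addr_topic(SINK)]},  # large outflow
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOGS, PROXY, {GOOD_IMPL}, 10**6 * 10**18):
        print(alert)
```

The allowlist is the control that matters here: an upgrade to any implementation that has not been reviewed raises the first alert before funds move, which is the point at which a pause or timelock can still act.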
In response to the breach, Zoth’s website was taken offline and is currently under maintenance.
Zoth issued a statement on X acknowledging the security breach, stating, “Our system has experienced a security breach. We are working closely with our partners to mitigate the impact and fully resolve the issue. A detailed report with a clear view will be shared once the investigation is complete.”
Security Notice
Our system has experienced a security breach. We’re actively investigating the incident and taking all necessary steps to resolve it as swiftly as possible.
We are working closely with our partners to mitigate the impact and fully resolve the issue. A detailed…
— ZOTH (@zothdotio) March 21, 2025
The community remains vigilant as Zoth works to address the security breach. Further updates are expected as the investigation progresses.
Zoth’s Launch and Funding Details
Zoth, founded in January 2023 by Pritam Dutta and Koushik Bhargav, secured $4 million in funding in August 2024 to launch its tokenized liquid note, backed by US Treasury Bills and top-rated corporate bonds.
The funding round attracted support from notable investors including Borderless, Blockchain Founders Fund, Taisu Ventures, G20, Fat Cat Ventures, GemHead Capital, and angels from Coinbase and Hedera, as well as a grant from Ripple’s XRPL Foundation.
Announcing: We’ve extended our raise to $4M in a strategic funding round to bring institutional-grade yield avenues onchain
The funds will help us build a multichain #RWA ecosystem in preparation for Zoth’s upcoming public offering.
Details https://t.co/keFTcmaRbJ pic.twitter.com/RGcY98iKLX
— ZOTH (@zothdotio) August 5, 2024
Zoth’s core product is ZeUSD, a stablecoin fully backed by Zoth Tokenized Liquid Notes (ZTLN), with its reserve anchored by RWAs issued on ZothFI.
Growing Crypto Security Concerns
The Zoth incident adds to a concerning trend of security breaches within the crypto space.
Notably, February 2025 has been marked as a particularly devastating month, with hackers reportedly extracting over $1.5 billion across just four high-value exploits.
This unprecedented level of theft was largely attributed to the Lazarus Group’s sophisticated attack on the Bybit exchange, where they employed social engineering tactics to deploy a malicious version of the Safe UI, siphoning off over $1.46 billion.
This single exploit dwarfed previous heists, exceeding the infamous Ronin Network hack by a significant margin.
Beyond the Bybit breach, other notable incidents in February 2025 showed the diverse vulnerabilities within decentralized finance (DeFi).
Ionic Money, a decentralized non-custodial money market protocol, suffered an $8.6 million loss due to a social engineering attack involving the manipulation of LBTC collateral.
zkLend, a lending platform on Starknet, fell victim to a $9.5 million exploit stemming from a rounding error in its smart contract.
Additionally, Hong Kong-based stablecoin digital bank Infini experienced a nearly $50 million leak orchestrated by a rogue former developer using a compromised private key with elevated privileges.
These incidents highlight the ongoing security challenges faced by DeFi protocols and show the importance of rigorous security audits and proactive measures to protect user funds.