DeFi Drama: How Zoth Lost Millions in a Crypto Heist 🕵️‍♂️💸

Ah, Zoth, the Ethereum-based real-world asset platform, has once again found itself in the throes of misfortune. This time, it was an $8.85 million exploit, courtesy of some crafty attackers who managed to get their grubby hands on a private key. 🕵️‍♂️💻

This marks the second major security incident for Zoth in just a month, proving that the world of DeFi is as secure as a chocolate teapot. 🍫☕

The attackers, with the finesse of a seasoned pickpocket, compromised the protocol’s deployer wallet. This allowed them to upgrade the “USD0PPSubVaultUpgradeable” proxy contract to one under their control. 🎭💼

With this clever maneuver, they managed to withdraw $8.4 million in Zoth’s USD0++ stablecoin, which was swiftly swapped for 8.3 million DAI and whisked away to an external address. 🏃‍♂️💨

//crypto.news/app/uploads/2025/03/Screenshot-2025-03-21-at-10.49.26-AM.png”/>

Proxy contract hack

Proxy contracts, the darlings of DeFi for their upgradability, introduce a risk when the private keys securing them are compromised. The unauthorized upgrade in Zoth’s case is a masterclass in how attackers can manipulate contract logic to reroute funds without so much as a by-your-leave. 🎓💼

This breach follows a March 6 exploit in which Zoth lost $285,000 due to a liquidity pool vulnerability. Repeated security failures are raising eyebrows and could very well invite the long arm of regulatory scrutiny. 👀📜

Read More

2025-03-21 18:03