Ethereum Platform Zoth Faces $8.85 Million Loss in Latest Security Breach
Zoth, a platform on Ethereum for real-world assets, has fallen victim to a significant security breach. Attackers stole $8.85 million by gaining access to a private key. This is the second major incident for Zoth in a month,raising concerns about defi protocol vulnerabilities.
The hackers targeted Zoth’s deployer wallet. They managed to upgrade the “USD0PPSubVaultUpgradeable” proxy contract. This allowed them to control the contract and withdraw $8.4 million in Zoth’s USD0++ stablecoin. The stolen funds were swiftly converted into 8.3 million DAI and moved to an external address.
How did they do it? The attackers exploited a private key, enabling them to manipulate the proxy contract. This move let them siphon off the funds. The platform’s website is now in maintenance mode. Zoth is collaborating with security experts to address the issue and prevent future attacks.
Proxy contracts, common in DeFi, offer versatility but also pose risks. When private keys are compromised, attackers can alter contract logic. They rerouted funds without resistance. <a href="https://twitter.com/CyversAlerts/status/1903021017460600885. The stolen stablecoins were then swapped for DAI, a popular stablecoin. The platform is working with specialists to assess the damage and secure the system. Users should stay cautious.
Proxy contracts are tools for updating smart contracts. They are useful but risky if keys are exposed.Zoth’s March 6 incident saw a $285,000 loss due to a liquidity pool flaw.Repeated breaches highlight the need for better risk management. Regulatory attention may follow.
Proxy contracts let developers modify smart contracts without rebuilding them. Though, this flexibility becomes a weakness if private keys are exposed.
proxy contracts allow developers to update smart contracts without starting from scratch. However, this feature becomes a vulnerability when private keys are compromised. Attackers can change the contract logic and redirect funds.
Zoth faced a similar issue on March 6, losing $285,000 due to a liquidity pool flaw. These repeated security failures raise concerns about the platform’s risk management and may attract regulatory attention.
