Zoth Hit by $8.4M Crypto Exploit After Wallet Compromise

Newsroom

Newsroom

2 min read
Zoth Hit by $8.4M Crypto Exploit After Wallet Compromise

RWA restaking protocol Zoth suffers major breach as attacker drains millions, converts funds to DAI and ETH

Real-world asset restaking platform Zoth just got rocked by a massive exploit, with attackers making off with roughly $8.4 million in crypto. The breach, uncovered on March 21, stemmed from a compromised deployer wallet and has forced Zoth to pull its website offline while an investigation is underway.

Blockchain security firm Cyvers Alerts was the first to sound the alarm, pointing to a suspicious upgrade of a proxy contract called "USD0PPSubVaultUpgradeable." The upgrade was made using a wallet tied to the attacker, opening the door for the heist.

Just minutes after the shady contract change, the attacker drained Zoth's USD0++ stablecoin and quickly swapped the stolen funds for DAI. But it didn’t stop there. According to PeckShield, the thief later converted the assets again, this time into Ethereum (ETH), moving the money across wallets to cover their tracks.

Zoth acknowledged the breach publicly on X (formerly Twitter), stating, "Our system has experienced a security breach. We’re working closely with our partners to mitigate the impact and fully resolve the issue. A detailed report will be shared once the investigation is complete."

Meanwhile, the site remains down for maintenance, and the team is scrambling behind the scenes to patch things up.

Zoth's Rise: From Backed Treasuries to High-Profile Backers

Zoth was founded in early 2023 by Pritam Dutta and Koushik Bhargav. In August 2024, it pulled in $4 million in strategic funding to launch its flagship product - a tokenized liquid note backed by U.S. Treasury Bills and high-rated corporate bonds. Investors included Borderless, Blockchain Founders Fund, Taisu Ventures, and Ripple’s XRPL Foundation, among others.

The protocol’s stablecoin, ZeUSD, is fully backed by Zoth Tokenized Liquid Notes (ZTLN), which are anchored in real-world assets and issued on the ZothFI platform.

The Bigger Picture: A Growing Wave of Crypto Heists

This exploit is just the latest in a troubling streak of security failures across DeFi and crypto platforms. February 2025 alone saw hackers pocket over $1.5 billion in just four high-profile breaches.

Leading the charge was the Lazarus Group’s jaw-dropping $1.46 billion hack of the Bybit exchange. Using social engineering tactics, the group deployed a fake version of Safe UI to siphon off user funds, eclipsing the infamous Ronin Network breach.

Other notable incidents included:

  • Ionic Money, where attackers used manipulated LBTC collateral in a social engineering ploy.
  • zkLend, which suffered from a rounding error in its smart contract.
  • Infini, a Hong Kong-based stablecoin bank, where a rogue developer with elevated access keys stole nearly $50 million.

The Zoth incident now joins this growing list, underscoring just how vulnerable even well-funded protocols can be. As the industry continues to evolve, it’s a loud reminder that tight security isn’t optional - it’s essential.

Further updates from Zoth and cybersecurity analysts are expected as the investigation unfolds.

Read more