Zoth DeFi Platform Hacked Again, Loses $8.85M in Stablecoins

Ethereum-based decentralized finance (DeFi) platform Zoth has recently experienced a significant security breach, resulting in the loss of $8.85 million in stablecoins. This incident marks the second hack in just one month, raising serious concerns about the platform’s security protocols and the integrity of its private key management. The attack is believed to have been initiated through unauthorized access to a private key, which allowed the attacker to exploit a proxy contract and reroute funds to their wallet.

On Friday morning, a Zoth proxy contract was upgraded by what security firm Cyvers called a "suspicious address.” Shortly thereafter, $8.85 million worth of stablecoin USD0++ was transferred out of the proxy contract into the attackers wallet before all funds were swapped into DAI and moved to another address. The attacker later swapped the stolen funds for 4,223 ETH. A spokesperson for Zoth stated that the team is actively investigating the situation alongside their security partners and taking every necessary measure to mitigate the impact and resolve the issue.

Security experts, including those from Cyvers and PeckShield, have highlighted that this type of attack is not uncommon in the DeFi space. A proxy contract, which facilitates seamless transactions by forwarding calls and funds to various implementation contracts, can be manipulated if an attacker gains access to the private key. This vulnerability allows the attacker to change contract addresses and transfer funds without resistance from the original contract’s owners. Hakan Unal, a Senior Blockchain Scientist at Cyvers, noted that such attacks typically occur when an attacker gains unauthorized access to the private keys controlling a wallet or smart contract.

In this exploit, it appears the attacker gained access to the private key for the proxy contract which enabled them to update it, changing the implementation contract address to their own wallet. This then allowed for all of the funds from inside the proxy contract to be sent directly to the attacker. Unal added that it is likely that Zoth has multiple proxy contracts, such as this contract holding $12.28 million USYC—meaning more funds could also be at risk if they share the same admin access.

The implications of this incident extend beyond the immediate financial loss. It raises questions about the regulatory measures in place for platforms managing real-world assets. With the DeFi landscape evolving rapidly, security must be a top priority. The significant financial losses that can arise from negligence could affect investor trust and lead to regulatory scrutiny. Proactive measures, such as real-time monitoring and alerts for any suspicious contract activities, could have mitigated this incident and potentially prevented it.

Zoth did not comment on how the contract’s private key fell into the hands of the attacker, but told Decrypt that it will release an update once it has finished its investigation. Cyvers suggested that setting up real-time monitoring that alerted the company when admin roles or contract upgrades were made could have helped prevent this attack. This appears to be the second hack to hit the DeFi project in the space of a month, after the project lost $285,000 as the result of a March 6 attack. This came about as a result of an exploit in a liquidity pool that allowed the attacker to mintMIMI-- ZeUSD without depositing sufficient collateral, according to smart contract auditing firm Solidity Scan.

Zoth is not the only DeFi platform to face such challenges. In a previous incident on March 6, Zoth suffered a loss of $285,000 due to a liquidity pool exploit that allowed attackers to mint ZeUSD without sufficient collateral. Such repeated breaches indicate a potential systemic issue within the security postures many DeFi platforms adopt. It is clear that without stringent security checks and effective management of private keys, these incidents will continue, severely impacting user confidence and financial stability.

The recent hack of Zoth serves as a stark reminder of the vulnerabilities that persist in the DeFi ecosystem. As the platform opens an investigation into the breach, stakeholders are left to ponder the viability of current security protocols and the measures necessary to enhance them moving forward. For those involved in the rapidly evolving landscape of real-world asset management, this stands as a pivotal moment—one that must spur a reevaluation of security practices to safeguard against future vulnerabilities.