Hacker Steals $8.4M from RWA Restaking Protocol Zoth
Real-world asset (RWA) re-staking protocol Zoth suffered a devastating exploit on March 21, resulting in staggering losses of over $8.4 million. The platform has since put its site into maintenance mode while it works to resolve the issue, and says it will publish a detailed report once its investigation is complete.
The security breach was flagged by blockchain security firm Cyvers, which detected suspicious Zoth transactions within minutes of the hack. According to Cyvers, the protocol's deployer wallet was compromised, allowing the attacker to withdraw over $8.4 million in crypto assets. The stolen funds were then converted into the DAI stablecoin and transferred to a different address.
The attackers have since moved the funds and swapped them into Ether (ETH), according to PeckShield. The incident has raised concerns about the vulnerability of smart contract protocols and the need for better security measures in the decentralized finance (DeFi) ecosystem.
How the Hack Occurred
Cyvers Alerts senior SOC lead Hakan Unal told Cointelegraph that a leak in admin privileges likely caused the hack. Approximately 30 minutes before the hack was detected, a Zoth contract was upgraded to a malicious version deployed by a suspicious address.
"Unlike typical exploits, this method bypassed security mechanisms and gave full control over user funds instantly," Unal said. He attributed the success of the attack to the lack of multisig contract upgrades, which would have prevented single-point failures, and of real-time alerts for admin role changes.
Preventing Similar Attacks
Unal emphasized that better key management is crucial in preventing unauthorized access to privileged roles. "Without decentralized upgrade mechanisms, attackers will continue targeting privileged roles to take over protocols," he warned.
He also recommended three measures: implementing multisig contract upgrades to prevent single-point failures, adding timelocks on upgrades to allow monitoring, and placing real-time alerts on admin role changes. By taking these precautions, the DeFi ecosystem can reduce the risk of similar attacks in the future.
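The monitoring side of these recommendations can be sketched as a check over decoded contract events. This is an added example, not code from Zoth, Cyvers or the original article. It assumes an indexer has already decoded the events; the addresses, the delay and the `UpgradeScheduled` event name are hypothetical placeholders, and the sample data is constructed.

```python
from dataclasses import dataclass

MIN_DELAY = 24 * 3600        # assumed timelock delay, in seconds
TIMELOCK = "0xTIMELOCK"      # placeholder: timelock contract owned by a multisig
WATCHED_PROXY = "0xPROXY"    # placeholder: upgradeable contract being monitored

@dataclass
class Event:
    ts: int        # block timestamp
    contract: str  # contract that emitted the event
    name: str      # decoded event name
    sender: str    # direct caller of the contract (taken from the trace)
    arg: str       # new implementation or new admin address

def review(events):
    """Return alerts for upgrades and admin changes that did not follow the timelock."""
    scheduled = {}  # implementation address -> time it was queued in the timelock
    alerts = []
    for e in sorted(events, key=lambda ev: ev.ts):
        if e.contract == TIMELOCK and e.name == "UpgradeScheduled":
            scheduled[e.arg] = e.ts      # publicly announced; the delay starts now
        elif e.contract != WATCHED_PROXY:
            continue
        elif e.name == "AdminChanged":
            # Admin role changes are rare enough to always page someone.
            alerts.append(f"{e.ts} admin changed to {e.arg} by {e.sender}")
        elif e.name == "Upgraded":
            queued_at = scheduled.get(e.arg)
            if e.sender != TIMELOCK:
                # A single key upgraded the proxy directly: the single point of failure.
                alerts.append(f"{e.ts} upgrade to {e.arg} sent by {e.sender}, not the timelock")
            elif queued_at is None or e.ts - queued_at < MIN_DELAY:
                alerts.append(f"{e.ts} upgrade to {e.arg} executed before the delay elapsed")
    return alerts

# Constructed sample: one upgrade that followed the process, then a direct
# upgrade and an admin change made with a single key.
SAMPLE = [
    Event(1_000, TIMELOCK, "UpgradeScheduled", "0xMULTISIG", "0xIMPL_V2"),
    Event(1_000 + MIN_DELAY, WATCHED_PROXY, "Upgraded", TIMELOCK, "0xIMPL_V2"),
    Event(200_000, WATCHED_PROXY, "Upgraded", "0xSINGLE_KEY", "0xIMPL_UNKNOWN"),
    Event(200_100, WATCHED_PROXY, "AdminChanged", "0xSINGLE_KEY", "0xNEW_ADMIN"),
]

if __name__ == "__main__":
    for line in review(SAMPLE):
        print("ALERT", line)
```

The scheduled upgrade passes silently, while the direct upgrade raises an alert at the moment it happens rather than after funds move.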
The Fallout
The RWA re-staking protocol Zoth has faced significant backlash following the incident, with its reputation now tarnished by a major security breach. The platform's team has vowed to work tirelessly to resolve the issue and rebuild trust with its users.
"We're committed to making things right and ensuring that our users' assets are safe," a spokesperson for Zoth told Cointelegraph. "We'll be publishing a full incident report post-investigation, which will provide more details on what happened and how we plan to prevent similar attacks in the future."
The Impact
The hack has sent shockwaves through the cryptocurrency community, with many users expressing concern about the vulnerability of decentralized platforms. The incident highlights the need for greater security measures in the DeFi ecosystem, particularly when it comes to admin privilege management.
"This type of attack could be prevented by implementing better security protocols and monitoring for suspicious activity," Unal said. "We must do better to protect our users' assets and ensure that decentralized platforms are secure."