Zoth, a platform built on Ethereum with a focus on tokenized real-world assets, recently fell victim to a second major security breach in less than three weeks. On March 21, attackers managed to siphon off $8.85 million in digital assets, marking a devastating blow to the company.
Zoth confirmed the breach and is collaborating with security experts to conduct a thorough investigation into the incident. In an effort to identify the hacker responsible for the exploit, Zoth has put forth a bounty of $500,000 for any information leading to their apprehension.
The hack took place in the early hours of March 21, when the attacker compromised an admin key and gained control of a Zoth proxy contract. By upgrading the contract, the attacker was able to execute unauthorized fund transfers, draining $8.85 million in USD0++ stablecoins. The stolen funds were subsequently converted into 4,223 ETH and transferred to an external wallet.
Zoth has assured its users that steps are being taken to mitigate the impact of the breach. The company has pledged to release a comprehensive report once their investigation is concluded.
This recent breach marks the second incident targeting Zoth this month, with the first exploit occurring on March 6. During the initial breach, an attacker exploited a vulnerability in one of Zoth’s liquidity pools, leading to a loss of $285,000. Security experts believe that better key management and real-time monitoring could have prevented these breaches, and caution that other contracts within the platform sharing the same admin access may also be at risk.
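One way to implement the real-time monitoring mentioned above is to alert on any proxy upgrade whose new implementation was not approved in advance. This is an added example, not Zoth's code or anything from the investigation: it assumes the watched proxies follow ERC-1967 and emit `Upgraded(address)`, and every address, transaction hash and block number in it is constructed.

```python
# Added example: alert on proxy upgrades to implementations nobody approved.
# Assumption: watched proxies emit the ERC-1967 event
#   Upgraded(address indexed implementation)
UPGRADED_TOPIC = "0xbc7cd75a20ee27fd9adebab32041f755214dbc6bffa90cc0225b39da2e5c2d3b"
TRANSFER_TOPIC = "0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef"

def pad(addr):
    """Left-pad a 20-byte address to a 32-byte topic (indexed-argument encoding)."""
    return "0x" + addr[2:].lower().rjust(64, "0")

def find_unapproved_upgrades(logs, approved):
    """logs: entries shaped like eth_getLogs results.
    approved: {lowercase proxy address: set of lowercase implementation
    addresses signed off by change control}. Every proxy listed is watched.
    Returns one alert per upgrade to an implementation outside that set."""
    alerts = []
    for log in logs:
        proxy = log["address"].lower()
        topics = [t.lower() for t in log.get("topics", [])]
        if proxy not in approved or len(topics) < 2 or topics[0] != UPGRADED_TOPIC:
            continue  # not a watched proxy, or not an upgrade event
        impl = "0x" + topics[1][-40:]  # low 20 bytes of the indexed argument
        if impl not in approved[proxy]:
            alerts.append({"proxy": proxy, "implementation": impl,
                           "tx": log["transactionHash"], "block": log["blockNumber"]})
    return alerts

# Constructed sample data: two proxies under the same admin, one approved build.
PROXY_A, PROXY_B = "0x" + "11" * 20, "0x" + "22" * 20
GOOD_IMPL, ROGUE_IMPL = "0x" + "aa" * 20, "0x" + "bb" * 20
APPROVED = {PROXY_A: {GOOD_IMPL}, PROXY_B: {GOOD_IMPL}}
SAMPLE_LOGS = [
    {"address": PROXY_A, "topics": [UPGRADED_TOPIC, pad(GOOD_IMPL)],
     "transactionHash": "0x01", "blockNumber": 100},   # approved upgrade
    {"address": PROXY_A, "topics": [TRANSFER_TOPIC, pad(PROXY_B)],
     "transactionHash": "0x02", "blockNumber": 101},   # unrelated event
    {"address": PROXY_B, "topics": [UPGRADED_TOPIC, pad(ROGUE_IMPL)],
     "transactionHash": "0x03", "blockNumber": 102},   # unapproved upgrade
    {"address": "0x" + "33" * 20, "topics": [UPGRADED_TOPIC, pad(ROGUE_IMPL)],
     "transactionHash": "0x04", "blockNumber": 103},   # contract not watched
]

if __name__ == "__main__":
    for alert in find_unapproved_upgrades(SAMPLE_LOGS, APPROVED):
        print("UNAPPROVED UPGRADE", alert)
```

Listing every proxy controlled by the same admin key in `approved` covers the case the experts raise, where one compromised key puts several contracts at risk.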
While Zoth has not confirmed whether affected users will be reimbursed, it remains committed to enhancing its security measures to prevent future incidents. The company acknowledges the risks that decentralized finance platforms face, especially those reliant on centralized admin controls. Blockchain security firms have observed a rise in sophisticated key compromises, resulting in over $10 billion lost to DeFi-related exploits over the past five years.
Zoth has refrained from disclosing details on how the attacker obtained the private key, but has promised to provide updates as the investigation progresses. The company’s dedication to transparency and security measures will be crucial in restoring trust among its user base.
As the world of decentralized finance continues to evolve, incidents like these serve as a stark reminder of the importance of robust security protocols and proactive measures to safeguard against potential threats. Zoth’s experience underscores the ongoing challenges faced by platforms in this space, and highlights the critical need for continuous vigilance and adaptation in the face of evolving cybersecurity risks.