Real-world assets (RWA) restaking protocol Zoth recently experienced a security breach that resulted in the loss of approximately $8.4 million in crypto assets. The incident was reported by the blockchain security firm Cyvers Alerts on March 21, with the compromised deployer wallet identified as the root cause.
According to Cyvers Alerts, the attack was initiated by an upgrade to a proxy contract named “USD0PPSubVaultUpgradeable,” which was linked to an address associated with the suspected attacker. Following the upgrade, the attacker was able to drain $8.4 million in the protocol’s USD0++ stablecoin. The stolen funds were quickly converted into the DAI stablecoin and transferred to a separate address. Subsequently, the attackers moved the funds and swapped the assets into Ether (ETH), as reported by PeckShield.
In response to the breach, Zoth’s website was taken offline for maintenance. The protocol issued a statement acknowledging the security breach and reassured users that they are working diligently with their partners to mitigate the impact and address the issue. A detailed report will be shared once the investigation is complete.
As the community remains vigilant, Zoth continues to work on resolving the security breach. Updates are expected to be provided as the investigation progresses.
Zoth, founded in January 2023 by Pritam Dutta and Koushik Bhargav, secured $4 million in funding in August 2024 to launch its tokenized liquid note. The note is backed by US Treasury Bills and top-rated corporate bonds. Notable investors, including Borderless, Blockchain Founders Fund, Taisu Ventures, G20, Fat Cat Ventures, GemHead Capital, and angels from Coinbase and Hedera, supported the funding round. Additionally, Zoth received a grant from Ripple’s XRPL Foundation.
Zoth’s core product, ZeUSD, is a stablecoin fully backed by Zoth Tokenized Liquid Notes (ZTLN), with its reserve anchored by RWAs issued on ZothFI.
The security breach at Zoth adds to a growing trend of security breaches within the crypto space. February 2025 was particularly devastating, with hackers reportedly extracting over $1.5 billion across four high-value exploits. The Lazarus Group’s attack on the Bybit exchange, which resulted in a theft of over $1.46 billion, was a significant factor in this unprecedented level of theft.
Other incidents in February 2025, including hacks on Ionic Money, zkLend, and Infini, highlighted the diverse vulnerabilities within decentralized finance (DeFi). These incidents underscore the importance of rigorous security audits and proactive measures to protect user funds in the ever-evolving crypto landscape.
In conclusion, the security breach at Zoth serves as a reminder of the ongoing challenges faced by DeFi protocols and the necessity for robust security measures to safeguard user assets in the crypto ecosystem.