{"id":125550,"date":"2025-03-21T12:17:40","date_gmt":"2025-03-21T12:17:40","guid":{"rendered":"http:\/\/cryptospotters.net\/?p=125550"},"modified":"2025-03-21T12:17:40","modified_gmt":"2025-03-21T12:17:40","slug":"hacker-steals-8-4m-from-rwa-restaking-protocol-zoth","status":"publish","type":"post","link":"http:\/\/cryptospotters.net\/?p=125550","title":{"rendered":"Hacker steals $8.4M from RWA restaking protocol Zoth"},"content":{"rendered":"<p>Source: Cointelegraph.com News<br \/>\nReal-world asset (RWA) re-staking protocol Zoth suffered an exploit that caused over $8.4 million in losses and prompted the platform to put its site into maintenance mode.\u00a0<br \/>\nOn March 21, blockchain security firm Cyvers flagged a suspicious Zoth transaction. The security firm said that the protocol\u2019s deployer wallet was compromised and that the attacker withdrew over $8.4 million in crypto assets.\u00a0<br \/>\nThe blockchain security firm said that within minutes, the stolen assets were converted into the DAI stablecoin and transferred to a different address.\u00a0<br \/>\nCyvers added that the protocol\u2019s website had been put into maintenance mode in response to the incident. In a security notice, the platform confirmed that it had suffered a security breach. The protocol said it\u2019s working to resolve the problem as soon as possible.\u00a0<br \/>\nThe Zoth team said it worked with its partners to \u201cmitigate the impact\u201d and fully resolve the situation. The platform promised to publish a detailed report once its investigation is completed.\u00a0<br \/>\nSince the hack, the attackers have moved the funds and swapped the assets into Ether (ETH), according to PeckShield.\u00a0<br \/>\nFigure: Hacker moves stolen funds. Source: PeckShield<br \/>\n
Hack likely caused by admin privilege leak<br \/>\nIn a statement, the Cyvers team said the incident highlights vulnerabilities in smart contract protocols and the need for better security.\u00a0<br \/>\nCyvers Alerts senior SOC lead Hakan Unal told Cointelegraph that a leak in admin privileges likely caused the hack. Unal said that about 30 minutes before the hack was detected, a Zoth contract was upgraded to a malicious version deployed by a suspicious address.\u00a0<br \/>\n\u201cUnlike typical exploits, this method bypassed security mechanisms and gave full control over user funds instantly,\u201d the security professional said.\u00a0<br \/>\nThe security professional told Cointelegraph that this type of attack could be prevented by implementing multisig contract upgrades to prevent single-point failures, adding timelocks on upgrades to allow monitoring and placing real-time alerts for admin role changes. Unal added that better key management is also advised to prevent unauthorized access.\u00a0<br \/>\nWhile the attack could be prevented, Unal believes that this type of attack may continue to be a problem in decentralized finance (DeFi). 
The security professional told Cointelegraph that admin key compromises remain a \u201cmajor risk\u201d in the DeFi ecosystem.\u00a0<br \/>\n\u201cWithout decentralized upgrade mechanisms, attackers will continue targeting privileged roles to take over protocols,\u201d Unal added.\u00a0<br \/>\n<a href=\"https:\/\/cointelegraph.com\/news\/zoth-exploit-admin-leak-causes-8m-losses?utm_source=rss_feed&amp;utm_medium=rss&amp;utm_campaign=rss_partner_inbound\" target=\"_blank\" class=\"feedzy-rss-link-icon\" rel=\"noopener\">Read More<\/a><\/p>","protected":false},"excerpt":{"rendered":"<p>Source: Cointelegraph.com News. Real-world asset (RWA) re-staking protocol Zoth suffered an exploit that caused over $8.4 million in losses and prompted the platform to put its site into maintenance mode.\u00a0 On March&hellip; <\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[5],"tags":[],"_links":{"self":[{"href":"http:\/\/cryptospotters.net\/index.php?rest_route=\/wp\/v2\/posts\/125550"}],"collection":[{"href":"http:\/\/cryptospotters.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/cryptospotters.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/cryptospotters.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=125550"}],"version-history":[{"count":0,"href":"http:\/\/cryptospotters.net\/index.php?rest_route=\/wp\/v2\/posts\/125550\/revisions"}],"wp:attachment":[{"href":"http:\/\/cryptospotters.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=125550"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/cryptospotters.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=125550"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/cryptospotters.net\/index.php?rest_route=%2Fwp%2Fv
2%2Ftags&post=125550"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}