The Zoth protocol was hit by a hacker, leading to losses of $8.4 million. The attack was due to vulnerability in the updated contract.
The course of the attack
The incident was flagged by blockchain security firm Cyvers Alerts. The hacker used a compromised deployer wallet to execute suspicious transactions. Just 30 minutes before the attack, the 'USD0PPSubVaultUpgradeable' proxy contract was updated. Approximately $8.4 million in USD0++ stablecoin was withdrawn by the hacker, quickly converted to DAI, and moved to another address.
Zoth team's response
Zoth team temporarily took down the website for maintenance and publicly acknowledged the incident. The protocol's official statement reads: “We are working closely with our partners to mitigate the impact and fully resolve the issue. A detailed report will be shared once the investigation is complete.”
Project background and previous incidents
Founded in January 2023 by Pritam Dutta and Koushik Bhargav, Zoth attracted substantial investor attention. In August 2024, the project secured $4 million for developing tokenized financial products based on U.S. Treasury Bills and corporate bonds. Contributors to this funding included Taisu Ventures, G20, Fat Cat Ventures, GemHead Capital, investors from Coinbase and Hedera, along with a grant from XRPL Foundation. As investigations continue, further updates are expected.
The attack on Zoth highlights the vulnerabilities within decentralized systems. As engineers seek solutions, users remain vigilant, awaiting updates from the team.
