Zoth, an Ethereum-based platform focusing on tokenized real-world assets, suffered its second major security breach within three weeks on March 21, with the attacker draining $8.85 million in digital assets.
The company has confirmed the breach and is working with security experts to investigate the incident.
Zoth is also offering a $500,000 reward for information that leads to the identification of the hackers responsible for the recent $8.85 million exploit.
The hack occurred early on March 21, when an attacker compromised the admin key and gained control of the Zoth proxy contract. The hackers then upgraded the contract, which allowed fraudulent fund transfers.
On-chain analysis showed that $8.85 million in USD0++ stablecoin was withdrawn from the contract, converted to 4,223 ETH, and later moved to an external wallet.
Zoth has confirmed the security breach and assured users that steps have been taken to mitigate the impact. The company has pledged to release a full report once the investigation is complete.
The second hack
This is the second exploit targeting Zoth this month. On March 6, an attacker exploited a vulnerability in one of its liquidity pools, minting synthetic assets without adequate collateral and causing a loss of $285,000.
Security experts suggest that better key management and real-time monitoring could have prevented the breaches. They warn that additional funds could be at risk if other contracts within the platform share the same admin access.
Zoth has not said whether it will refund affected users, but said it is working to strengthen its security measures to prevent future incidents.
The incident highlights the ongoing risks of relying on decentralized finance platforms, particularly those with centralized admin control. Blockchain security companies are noting a rise in sophisticated and significant compromises, with over $10 billion lost to DeFi-related exploits over the past five years.
The company did not comment on how the attacker obtained the private key, but has pledged to provide an update once the investigation is over.

