Ethereum-based real-world asset platform Zoth has suffered a major security breach, resulting in the loss of approximately $8.85 million in digital assets. Security analysts suspect the attack was facilitated by a private key leak, marking the second time the platform has been compromised within the past month.
“Our system has experienced a security breach. We’re actively investigating the incident and taking all necessary steps to resolve it as swiftly as possible,” the protocol wrote on x
On Friday, blockchain security firm Cyvers flagged unusual activity involving Zoth’s proxy contract. Investigators noted that a suspicious wallet address initiated an unauthorized upgrade to the contract. Shortly after, $8.85 million worth of USD0++ stablecoins were siphoned from the contract and funneled into the attacker’s wallet. The funds were subsequently converted into DAI and then swapped for 4,223 ETH—valued at over $8.3 million—before being moved to an external address.
This method of attack, involving control over contract upgrades, suggests access to sensitive administrative keys, leading experts to point toward an internal security lapse or key management failure as the root cause.
Attackers Exploit Proxy Contract to Drain Funds
The recent exploit targeting Zoth’s protocol was executed by compromising the platform’s proxy contract—an essential smart contract component commonly used in DeFi systems to forward calls and manage contract upgrades. Security experts have identified that the attackers gained unauthorized access to the private key associated with Zoth’s proxy contract, enabling them to alter its configuration.
Once in control, the attackers updated the proxy contract’s implementation address, redirecting it to their own wallet. This administrative access allowed them to siphon off all funds held within the contract. According to blockchain security firm PeckShield, such attacks typically stem from compromised private keys, which give attackers the ability to transfer or redirect assets without the platform’s consent.
Cyvers’ Senior Blockchain Scientist Hakan Unal confirmed that the attacker likely secured admin privileges via a leaked key or exploit, and cautioned that Zoth may have other proxy contracts—such as one holding over $12 million in USYC stablecoins—that could also be vulnerable if they share the same administrative access.
Zoth’s team has since paused operations and is collaborating with security firms to investigate whether additional contracts or funds remain at risk.
Another Blow to DeFi’s Security Reputation
The recent $8.85 million exploit marks the second attack on Zoth in less than a month, raising serious concerns about the platform’s security protocols. On March 6, Zoth suffered a separate breach resulting in the loss of approximately $285,000. That attack stemmed from a vulnerability in one of its liquidity pools, where flaws in the pool’s design allowed the attacker to mint ZeUSD tokens without depositing the necessary collateral.
According to smart contract auditing firm Solidity Scan, the earlier exploit exposed weaknesses in Zoth’s collateralization checks, further emphasizing the need for stricter contract auditing and monitoring processes.
Blockchain security experts at Cyvers noted that enhanced real-time monitoring tools capable of flagging critical actions such as admin role changes or contract upgrades, might have prevented or mitigated the latest incident.
Zoth’s exploit is part of a broader pattern of attacks that have plagued the DeFi sector this year. In 2025 alone, blockchain analytics firms have reported over $2 billion in losses due to hacks and smart contract vulnerabilities across various DeFi platforms. This figure is however, largely driven up by the infamous $1.5 Billion Bybit hack in February.
These incidents often involve flash loan attacks, oracle manipulation, or poorly audited smart contracts, highlighting the critical need for more rigorous security testing and independent code audits before deployment. As more capital flows into DeFi ecosystems, the appeal to malicious actors continues to grow, leaving platforms under increasing pressure to fortify their protocols.
Quick Facts:
- Ethereum-based platform Zoth suffered a $8.85 million hack, reportedly due to a compromised private key.
- Attackers gained admin access to Zoth’s proxy contract, enabling unauthorized upgrades and fund withdrawals.
- $8.85 million worth of stablecoins were drained, later converted into 4,223 ETH and transferred to external addresses.
- This marks Zoth’s second security breach within a month, intensifying concerns over DeFi platform vulnerabilities.
