Ethereum RWA Platform Zoth Hacked Again: $8.85M Stolen In Proxy Exploit
The Zoth platform, built on Ethereum and focused on RWA tokenization, has once again been exploited. $8.85 million was drained off — the second major incident in less than 30 days.
For the second time in a month, Ethereum-based platform Zoth — known for tokenizing real-world assets — has fallen victim to a devastating exploit.
This time, a private key leak allowed the attacker to siphon off $8.85 million, using a carefully manipulated proxy contract.
Cybersecurity experts caution that more Zoth contracts may be at risk.
As detailed by Cyvers, the breach occurred on March 21, 2025. A rogue address upgraded the proxy and altered the implementation contract — ultimately transferring assets into the attacker’s possession.
Hackers made off with $8.85 million in USD0++ stablecoins, later swapping the funds for 4,223 ETH — worth approximately $8.3 million — and transferring the tokens to another address.
Zoth stated it is working with cybersecurity partners to investigate the breach and assess the scope of the loss.
According to findings from Cyvers and PeckShield, the attack was likely enabled by leaked private keys granting admin access.
This is the second successful attack on Zoth in just a month, raising serious concerns about the project’s smart contract management practices.
Inside the Zoth Exploit: How Proxy Contract Design Became the Weak Link
Zoth’s second major breach in a month can be traced to a vulnerability in its proxy contract — a widely used DeFi structure that separates contract logic from storage, allowing upgrades without changing the contract address.
The downside? It places immense trust in admin-level access and private key security.
In this case, the attacker updated the proxy to point to a malicious contract, giving themselves direct access to locked assets.
As Cyvers’ Hakan Unal explained, the attacker likely exploited a leaked private key or an internal permissions flaw. PeckShield reinforced the point: when the admin key is compromised, the entire contract’s logic becomes controllable.
Cyvers noted that Zoth maintains several proxy contracts, one of which currently safeguards $12.28 million in USYC. If administrative keys were reused, the potential exposure significantly exceeds the $8.85 million already extracted.
The absence of real-time surveillance and privilege escalation alerts was cited as a key vulnerability. Experts believe that automated admin-level monitoring could have offered an early warning — potentially averting the breach.
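The kind of admin-level monitoring the experts describe can be built on the events a standard upgradeable proxy already emits. The following is an added example written for this article, not code from Zoth, Cyvers or PeckShield: it watches for the EIP-1967 `Upgraded(address)` and `AdminChanged(address,address)` events on a set of proxies, compares any new implementation against an allowlist of audited addresses, and raises a critical alert on anything else, which is exactly the signal that would have fired when the rogue address swapped the implementation. The proxy, implementation and admin addresses below are constructed placeholders, and the log records are hand-built in the shape an `eth_getLogs` response uses, so the script runs offline.

```python
"""Alert on proxy upgrades and admin changes from EVM event logs (EIP-1967 style).

Added example for illustration; it assumes the proxies emit the standard
OpenZeppelin/EIP-1967 events and that logs arrive as dicts with the
`address`, `topics`, `data`, `blockNumber` and `transactionHash` keys.
"""
from dataclasses import dataclass

# keccak256 hashes of the standard EIP-1967 event signatures.
UPGRADED_TOPIC = "0xbc7cd75a20ee27fd9adebab32041f755214dbc6bffa90cc0225b39da2e5c2d3b"       # Upgraded(address)
ADMIN_CHANGED_TOPIC = "0x7e644d79422f17c01e4894b5f4f588d331ebfa28653d42ae832dc59e38c9798f"  # AdminChanged(address,address)


def word_to_address(word: str) -> str:
    """Extract the 20-byte address from a 32-byte ABI word (hex, optional 0x prefix)."""
    h = word[2:] if word.startswith("0x") else word
    if len(h) != 64:
        raise ValueError("expected a 32-byte ABI word")
    return "0x" + h[-40:].lower()


@dataclass
class Alert:
    severity: str   # "info" for an approved upgrade, "critical" otherwise
    proxy: str
    kind: str       # "upgrade" or "admin_change"
    detail: str
    tx: str
    block: int


class ProxyMonitor:
    """Track a set of proxies, their approved implementations and expected admin."""

    def __init__(self, allowed_impls: dict, expected_admin: dict):
        self.allowed_impls = {p.lower(): {i.lower() for i in s} for p, s in allowed_impls.items()}
        self.expected_admin = {p.lower(): a.lower() for p, a in expected_admin.items()}

    def check(self, log: dict):
        """Return an Alert for a watched proxy's upgrade/admin event, else None."""
        proxy = log["address"].lower()
        if proxy not in self.allowed_impls or not log["topics"]:
            return None  # not a proxy we watch, or an anonymous event
        sig = log["topics"][0].lower()
        block, tx = log["blockNumber"], log["transactionHash"]
        if sig == UPGRADED_TOPIC:
            impl = word_to_address(log["topics"][1])  # implementation is an indexed arg
            if impl in self.allowed_impls[proxy]:
                return Alert("info", proxy, "upgrade", f"upgraded to approved implementation {impl}", tx, block)
            return Alert("critical", proxy, "upgrade", f"upgraded to UNAPPROVED implementation {impl}", tx, block)
        if sig == ADMIN_CHANGED_TOPIC:
            data = log["data"][2:]  # both args are non-indexed: two 32-byte words
            prev_admin, new_admin = word_to_address(data[:64]), word_to_address(data[64:128])
            expected = self.expected_admin.get(proxy)
            detail = f"admin changed {prev_admin} -> {new_admin} (expected {expected})"
            return Alert("critical", proxy, "admin_change", detail, tx, block)
        return None

    def scan(self, logs: list) -> list:
        """Run check() over a batch of logs and keep only the alerts."""
        return [a for a in (self.check(log) for log in logs) if a is not None]


# ---- constructed sample data (placeholders, not real on-chain addresses) ----
PROXY = "0x" + "11" * 20
APPROVED_IMPL = "0x" + "22" * 20
ROGUE_IMPL = "0x" + "33" * 20
ADMIN = "0x" + "44" * 20
NEW_ADMIN = "0x" + "55" * 20
UNRELATED_TOPIC = "0x" + "ab" * 32  # some other event signature, should be ignored


def pad_word(addr: str) -> str:
    """ABI-encode an address as a 32-byte word."""
    return "0x" + addr[2:].rjust(64, "0")


SAMPLE_LOGS = [
    {"address": PROXY, "topics": [UPGRADED_TOPIC, pad_word(APPROVED_IMPL)], "data": "0x",
     "blockNumber": 100, "transactionHash": "0xaaa1"},
    {"address": PROXY, "topics": [UPGRADED_TOPIC, pad_word(ROGUE_IMPL)], "data": "0x",
     "blockNumber": 101, "transactionHash": "0xaaa2"},
    {"address": PROXY, "topics": [ADMIN_CHANGED_TOPIC],
     "data": pad_word(ADMIN) + pad_word(NEW_ADMIN)[2:],
     "blockNumber": 102, "transactionHash": "0xaaa3"},
    {"address": PROXY, "topics": [UNRELATED_TOPIC], "data": "0x",
     "blockNumber": 103, "transactionHash": "0xaaa4"},
]


def run_sample() -> list:
    """Scan the constructed logs with one approved implementation and one expected admin."""
    monitor = ProxyMonitor({PROXY: {APPROVED_IMPL}}, {PROXY: ADMIN})
    return monitor.scan(SAMPLE_LOGS)


if __name__ == "__main__":
    for alert in run_sample():
        print(f"[{alert.severity.upper()}] block {alert.block} tx {alert.tx}: {alert.kind} on {alert.proxy}: {alert.detail}")
```

In production the allowlist would hold the implementation addresses that passed audit, and the `info` alerts would still be routed to the team so that every upgrade, approved or not, is visible in real time; any `critical` alert on a proxy holding funds warrants immediate pausing and key rotation, since the page's own point is that whoever holds the admin key controls the contract's logic.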
March 6 Exploit: How Zoth First Got Breached
On March 6, Zoth experienced its first breach — a $285,000 exploit tied to its liquidity pool.
According to Solidity Scan, a flaw in the ZeUSD token contract allowed an attacker to generate uncollateralized tokens. The breach stemmed from a logic error that let them circumvent the rules meant to guarantee financial backing — a quiet flaw that would later echo louder.
Although the financial damage in March was limited, the recurrence of attacks suggests an underlying weakness in Zoth’s security governance. The close timing between the two breaches is particularly troubling for stakeholders.
Zoth has not issued a statement regarding any link between the incidents. Nonetheless, growing scrutiny within the digital asset space is now focused on the operational resilience of this RWA platform.