Verify a decision

{"actor":"system:backfill","investigation_id":"4a736de8-81d9-4b63-944d-32ddd8b0ff17","kind":"publish","page_slug":"zoth-protocol","published_at":"2026-06-01T17:49:58.512Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Zoth Protocol","sections":[{"content":"On March 21, 2025, at approximately 08:46 UTC, an attacker who had obtained control of Zoth's deployer wallet (0x3604582f56565d7060d73829ffb9ebd579218dca) executed the upgradeToAndCall function on the USD0PPSubVaultUpgradeable proxy contract (0x82f3a0392F58C50fa90542519832471BaE93e43e), replacing the legitimate implementation with a malicious contract deployed at 0xc89d7894341e13d5067d003af5346b257d861f56. One minute later, the attacker used the new implementation to withdraw 8,851,750.37 USD0++ tokens, valued at approximately $8.4 million. The stolen tokens were swapped into DAI via CowSwap and subsequently converted to ETH via Uniswap V2, with final holdings consolidated in a secondary attacker wallet at 0x7b0cd0D83565aDbB57585d0265b7D15d6D9f60cf. On-chain evidence indicates the attacker funded a preparation wallet with 0.54 ETH through ChangeNOW as early as March 14-15, and executed a failed proxy upgrade attempt on March 20 before succeeding on March 21. The deployer address controlled the proxy's upgrade mechanism through a single externally owned account (EOA) with no multi-signature or timelocked governance safeguard, constituting a critical single point of failure.","heading":"March 21, 2025 Deployer-Key Compromise and Proxy Upgrade Attack","severity":"critical","sources":[{"credibility":2,"name":"Explained: The Zoth Hack (March 2025) — Halborn Security","type":"research","url":"https://www.halborn.com/blog/post/explained-the-zoth-hack-march-2025"},{"credibility":2,"name":"Zoth Vault Breach: Admin Key Exploit Analysis — Blockscope Research","type":"research","url":"https://research.blockscope.co/zoth-vault-breach"},{"credibility":2,"name":"How Did Zoth Lose $8.4M Due to Access Control? — QuillAudits","type":"research","url":"https://www.quillaudits.com/blog/hack-analysis/zoth-loose-8.4m-dollar-due-to-access-control"},{"credibility":2,"name":"Hacker Steals $8.4M from RWA Restaking Protocol Zoth — CoinTelegraph","type":"news","url":"https://cointelegraph.com/news/zoth-exploit-admin-leak-causes-8m-losses"},{"credibility":2,"name":"Zoth — Rekt News","type":"research","url":"https://rekt.news/zoth-rekt"}]},{"content":"Three weeks before the larger breach, on March 1, 2025, Zoth suffered a separate $285,000 exploit targeting a logic flaw in the LTV (Loan-to-Value) validation inside the mintWithStable() function of the ZeUSD contract. An attacker manipulated a Uniswap V3 liquidity pool to cause the protocol to incorrectly record receipt of approximately 330,979 collateral tokens that were never actually deposited. With the system treating the position as fully collateralized, the attacker minted a disproportionate quantity of ZeUSD and subsequently burned it to withdraw the phantom collateral, netting $285,000. Security researchers noted that this vulnerability had been flagged in a prior audit, raising questions about the protocol's remediation process between audit and deployment.","heading":"March 1, 2025 Initial Exploit — LTV Logic Flaw ($285,000)","severity":"high","sources":[{"credibility":2,"name":"Anatomy of a Hack: How a Simple Logic Flaw Led to a $285k Exploit on Zoth — Verichains Blog","type":"research","url":"https://blog.verichains.io/p/anatomy-of-a-hack-how-a-simple-logic"},{"credibility":2,"name":"Zoth Hacked for Nearly $8.3 Million, Second Theft in Two Weeks — Web3 Is Going Great","type":"news","url":"https://www.web3isgoinggreat.com/?id=zoth-hack-2"},{"credibility":2,"name":"Explained: The Zoth Hack (March 2025) — Halborn Security","type":"research","url":"https://www.halborn.com/blog/post/explained-the-zoth-hack-march-2025"}]},{"content":"Security analysts identified the root cause of the March 21 attack as the protocol's reliance on a single EOA deployer wallet to control proxy upgrade rights, with no multi-signature requirement, no timelock, and no on-chain governance process gating contract upgrades. This architecture meant that compromising one private key was sufficient to replace the entire contract logic and drain user funds. The precise method by which the deployer key was obtained is not publicly confirmed as of the date of this report; analysts have noted the pattern is consistent with phishing, social engineering, or insider access, but Zoth has not disclosed the confirmed attack vector for the key compromise. The attacker's preparation timeline — funding wallets via ChangeNOW and making a failed upgrade attempt on March 20 — suggests deliberate targeting rather than opportunistic scanning.","heading":"Root Cause: Single-Key Deployer Privilege and Absent Upgrade Governance","severity":"critical","sources":[{"credibility":2,"name":"Zoth Vault Breach: Admin Key Exploit Analysis — Blockscope Research","type":"research","url":"https://research.blockscope.co/zoth-vault-breach"},{"credibility":2,"name":"How Did Zoth Lose $8.4M Due to Access Control? — QuillAudits","type":"research","url":"https://www.quillaudits.com/blog/hack-analysis/zoth-loose-8.4m-dollar-due-to-access-control"},{"credibility":2,"name":"Explained: The Zoth Hack (March 2025) — Halborn Security","type":"research","url":"https://www.halborn.com/blog/post/explained-the-zoth-hack-march-2025"}]},{"content":"Following the March 21 breach, Zoth publicly acknowledged the incident and stated it was actively investigating. Asset issuer partners cooperated to freeze or lock approximately 73% of the protocol's TVL, limiting additional exposure. Zoth engaged Crystal Blockchain BV to assist with blockchain forensics and asset tracing. A $500,000 public bounty was launched through Securr, offering 10% of recovered funds to any party providing actionable information leading to asset recovery. A subsequent protocol update disclosed that no significant changes in fund movements had been observed and that tracking and investigation remained ongoing. As of the date of this report, no public confirmation of recovered funds has been issued.","heading":"Fund Recovery and Incident Response","severity":"high","sources":[{"credibility":3,"name":"Zoth Engages Crystal Blockchain BV for Asset Recovery Post-Theft — Coincu via BitcoinEthereumNews","type":"news","url":"https://bitcoinethereumnews.com/blockchain/zoth-engages-crystal-blockchain-bv-for-asset-recovery-post-theft-coincu/"},{"credibility":3,"name":"RWA Restaking Protocol Zoth Offers $500K Bounty After $8.4M Hack — CryptoTVPlus","type":"news","url":"https://cryptotvplus.com/2025/03/rwa-restaking-protocol-zoth-offers-500k-bounty-after-8-4m-hack/"},{"credibility":3,"name":"ZOTH Progress Update on Hacking Incident — Bitget News","type":"news","url":"https://www.bitget.com/news/detail/12560604674255"},{"credibility":2,"name":"Zoth — Rekt News","type":"research","url":"https://rekt.news/zoth-rekt"}]},{"content":"In a press release issued after the incident, Zoth announced a multi-part recovery and security overhaul. User compensation was structured as a combination of stable asset payments covering principal losses, vested $ZOTH tokens drawn from contributor and ecosystem reserves, and active discussions with a liquid fund to facilitate redemptions; the protocol reported over 80% user retention following this approach. On the security side, the team committed to implementing AI-powered real-time monitoring, independent smart contract audits, a public bug bounty program, open-sourced infrastructure, and enhanced governance mechanisms requiring multiple signers for future upgrades. Zoth also announced a $15 million strategic token commitment from Bolts Capital as a signal of continued institutional backing. Co-founder Pritam Dutta stated the team chose to rebuild rather than abandon the protocol, and co-founder Koushik Bhargav emphasized the project's mandate as public goods infrastructure for RWAs.","heading":"Post-Incident Security Overhaul and Compensation Program","severity":"medium","sources":[{"credibility":2,"name":"Zoth's Next Chapter: Advancing Secure, Scalable RWA Infrastructure — PR Newswire","type":"official","url":"https://www.prnewswire.com/news-releases/zoths-next-chapter-advancing-secure-scalable-rwa-infrastructure-302450470.html"}]},{"content":"Zoth Protocol is a decentralized infrastructure platform focused on tokenizing and providing on-chain settlement for real-world assets including treasury bills and sovereign debt instruments. The protocol's flagship product, ZeUSD, is a yield-bearing stablecoin backed by tokenized RWAs. The restaking layer allows holders to re-stake tokenized assets to earn additional yield, a model the protocol marketed as bridging traditional finance and DeFi. The company is registered in Panama and operates with a regulated SPV structure in Luxembourg and an Invoice Forfaiting License in the UAE. It raised $4 million in a funding round to launch its tokenized liquid note product. The founding team previously built a fintech venture with reported $300 million AUM at AB InBev, serving enterprise clients including Budweiser and Emirates Group. Zoth was founded in January 2023.","heading":"Business Model: RWA Tokenization and Restaking","severity":"low","sources":[{"credibility":2,"name":"RWA Startup Zoth Raises $4M to Launch Tokenized Liquid Note — Crypto.news","type":"news","url":"https://crypto.news/rwa-startup-zoth-raises-4m-to-launch-tokenized-liquid-note/"},{"credibility":1,"name":"Zoth | Stablecoin Neobank for Next Era of Finance — Official Website","type":"official","url":"https://zoth.io/"},{"credibility":3,"name":"Pritam Dutta — CEO & Founder at Zoth.io | The Org","type":"other","url":"https://theorg.com/org/zoth-io/org-chart/pritam-dutta"}]},{"content":"The Zoth incident has been cited by multiple security researchers as a case study in the systemic risks of upgradeable proxy contracts controlled by single EOA keys. In the broader DeFi context, access-control failures of this type accounted for a significant share of losses in Q1 2025. For RWA protocols specifically, the risk profile is heightened because the assets backing on-chain instruments include off-chain counterparties and regulated structures, meaning a smart contract exploit can simultaneously impair both on-chain token holders and off-chain asset redemption processes. Security auditors including Halborn, QuillAudits, and Blockscope have used the Zoth incident to advocate for mandatory multi-signature governance over proxy upgrade functions, timelocked upgrades with community veto windows, and operational security practices (hardware security modules, compartmentalized key custody) for privileged protocol addresses.","heading":"Proxy Upgrade Security Implications for RWA Protocols","severity":"high","sources":[{"credibility":2,"name":"Explained: The Zoth Hack (March 2025) — Halborn Security","type":"research","url":"https://www.halborn.com/blog/post/explained-the-zoth-hack-march-2025"},{"credibility":2,"name":"Unpacking $1.7B of DeFi Exploits: What Went Wrong in Q1 2025? — Guardrail","type":"research","url":"https://www.guardrail.ai/blog/unpacking-defi-exploits-what-went-wrong-in-q1-2025"},{"credibility":2,"name":"How Did Zoth Lose $8.4M Due to Access Control? — QuillAudits","type":"research","url":"https://www.quillaudits.com/blog/hack-analysis/zoth-loose-8.4m-dollar-due-to-access-control"}]}],"sources_used":[{"name":"Explained: The Zoth Hack (March 2025) — Halborn Security","type":"research","url":"https://www.halborn.com/blog/post/explained-the-zoth-hack-march-2025"},{"name":"Zoth Vault Breach: Admin Key Exploit Analysis — Blockscope Research","type":"research","url":"https://research.blockscope.co/zoth-vault-breach"},{"name":"How Did Zoth Lose $8.4M Due to Access Control? — QuillAudits","type":"research","url":"https://www.quillaudits.com/blog/hack-analysis/zoth-loose-8.4m-dollar-due-to-access-control"},{"name":"Zoth — Rekt News","type":"research","url":"https://rekt.news/zoth-rekt"},{"name":"Hacker Steals $8.4M from RWA Restaking Protocol Zoth — CoinTelegraph","type":"news","url":"https://cointelegraph.com/news/zoth-exploit-admin-leak-causes-8m-losses"},{"name":"Anatomy of a Hack: How a Simple Logic Flaw Led to a $285k Exploit on Zoth — Verichains Blog","type":"research","url":"https://blog.verichains.io/p/anatomy-of-a-hack-how-a-simple-logic"},{"name":"Zoth's Next Chapter: Advancing Secure, Scalable RWA Infrastructure — PR Newswire","type":"official","url":"https://www.prnewswire.com/news-releases/zoths-next-chapter-advancing-secure-scalable-rwa-infrastructure-302450470.html"},{"name":"Zoth Engages Crystal Blockchain BV for Asset Recovery Post-Theft — Coincu","type":"news","url":"https://bitcoinethereumnews.com/blockchain/zoth-engages-crystal-blockchain-bv-for-asset-recovery-post-theft-coincu/"},{"name":"RWA Restaking Protocol Zoth Offers $500K Bounty After $8.4M Hack — CryptoTVPlus","type":"news","url":"https://cryptotvplus.com/2025/03/rwa-restaking-protocol-zoth-offers-500k-bounty-after-8-4m-hack/"},{"name":"ZOTH Progress Update on Hacking Incident — Bitget News","type":"news","url":"https://www.bitget.com/news/detail/12560604674255"},{"name":"Unpacking $1.7B of DeFi Exploits: What Went Wrong in Q1 2025? — Guardrail","type":"research","url":"https://www.guardrail.ai/blog/unpacking-defi-exploits-what-went-wrong-in-q1-2025"},{"name":"RWA Startup Zoth Raises $4M to Launch Tokenized Liquid Note — Crypto.news","type":"news","url":"https://crypto.news/rwa-startup-zoth-raises-4m-to-launch-tokenized-liquid-note/"},{"name":"Zoth | Stablecoin Neobank for Next Era of Finance — Official Website","type":"official","url":"https://zoth.io/"},{"name":"Pritam Dutta — CEO & Founder at Zoth.io | The Org","type":"other","url":"https://theorg.com/org/zoth-io/org-chart/pritam-dutta"},{"name":"Zoth on Lazarus.day incident tracker","type":"research","url":"https://lazarus.day/incidents/zoth"}],"summary":"Zoth Protocol is an Ethereum-based real-world asset (RWA) re-staking and tokenization platform founded in 2023 by Pritam Dutta and Koushik Bhargav. In March 2025 the protocol suffered two separate security incidents within three weeks: an initial $285,000 logic-flaw exploit on March 1 and a far more damaging $8.4 million deployer-key compromise on March 21 that enabled a malicious proxy contract upgrade. The protocol has since launched a user compensation program, engaged Crystal Blockchain BV for fund recovery, and announced a security overhaul backed by a $15 million strategic token commitment from Bolts Capital.","timeline":[{"date":"2023-01-01","event":"Zoth Protocol founded by Pritam Dutta and Koushik Bhargav.","source":"Tracxn / The Org","source_url":"https://theorg.com/org/zoth-io/org-chart/pritam-dutta"},{"date":"2025-03-01","event":"First exploit: attacker manipulates Uniswap V3 liquidity pool to exploit LTV logic flaw in mintWithStable(), draining $285,000 from the ZeUSD contract.","source":"Verichains Blog","source_url":"https://blog.verichains.io/p/anatomy-of-a-hack-how-a-simple-logic"},{"date":"2025-03-14","event":"Attacker funds a preparation wallet with 0.54 ETH via ChangeNOW and deploys a malicious smart contract, suggesting deliberate pre-attack staging.","source":"QuillAudits Hack Analysis","source_url":"https://www.quillaudits.com/blog/hack-analysis/zoth-loose-8.4m-dollar-due-to-access-control"},{"date":"2025-03-20","event":"Attacker makes a failed attempt to upgrade the USD0PPSubVaultUpgradeable proxy contract, one day before the successful exploit.","source":"QuillAudits Hack Analysis","source_url":"https://www.quillaudits.com/blog/hack-analysis/zoth-loose-8.4m-dollar-due-to-access-control"},{"date":"2025-03-21","event":"08:46 UTC: Attacker uses compromised deployer wallet (0x3604582f...218dca) to call upgradeToAndCall on the USD0PPSubVaultUpgradeable proxy, installing malicious implementation at 0xc89d7894...861f56.","source":"Blockscope Research","source_url":"https://research.blockscope.co/zoth-vault-breach"},{"date":"2025-03-21","event":"08:47 UTC: Attacker withdraws 8,851,750.37 USD0++ tokens (~$8.4M) from the now-controlled vault. Tokens swapped to DAI via CowSwap, then converted to ETH via Uniswap V2.","source":"Blockscope Research","source_url":"https://research.blockscope.co/zoth-vault-breach"},{"date":"2025-03-21","event":"Zoth publicly acknowledges the breach, states it is actively investigating and taking necessary steps.","source":"Rekt News","source_url":"https://rekt.news/zoth-rekt"},{"date":"2025-03-21","event":"Asset issuer partners cooperate to freeze or lock approximately 73% of the protocol's TVL.","source":"Rekt News","source_url":"https://rekt.news/zoth-rekt"},{"date":"2025-03-25","event":"Stolen funds reported consolidated in attacker wallets; Crystal Blockchain BV engaged for asset tracing. $500,000 public bounty launched via Securr.","source":"CryptoTVPlus / BitcoinEthereumNews","source_url":"https://cryptotvplus.com/2025/03/rwa-restaking-protocol-zoth-offers-500k-bounty-after-8-4m-hack/"},{"date":"2025-04-01","event":"Zoth releases progress update: no significant changes in fund movements observed; tracking and investigation ongoing.","source":"Bitget News","source_url":"https://www.bitget.com/news/detail/12560604674255"},{"date":"2025-04-01","event":"Zoth announces 'Next Chapter' press release: $15M strategic token commitment from Bolts Capital, user compensation program, and phased ZeUSD relaunch with enhanced security measures.","source":"PR Newswire","source_url":"https://www.prnewswire.com/news-releases/zoths-next-chapter-advancing-secure-scalable-rwa-infrastructure-302450470.html"}]},"v":1}