On March 21, hackers attacked the real-world asset (RWA) restaking protocol Zoth. According to Cyvers Alerts, the estimated loss amounts to approximately $8.4 million in cryptocurrency.

🚨ALERT🚨Our system has detected a suspicious transaction involving @zothdotio. It appears that the protocol's deployer wallet has been compromised.

30 minutes ago, the proxy contract "USD0PPSubVaultUpgradeable" was upgraded to a contract created by a suspicious address.
The… pic.twitter.com/3OHmvJYpR5
— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) March 21, 2025

Analysts detected a suspicious transaction 30 minutes after it was executed. The company reported that the attacker withdrew funds in the stablecoin USD0++, almost immediately converted them to DAI, and transferred them to another address.

Preliminary analysis suggests that the incident was caused by a vulnerability in the protocol’s smart contracts. Cyvers Alerts representative Hakan Unal told Cointelegraph that the hack was likely due to an administrative privilege leak.

“Unlike typical exploits, this method bypassed security mechanisms and instantly granted full control over user funds,” he explained.

Zoth confirmed the attack but has not yet released further details. At the time of writing, the RWA protocol’s website is in maintenance mode.

Security Notice

Our system has experienced a security breach. We’re actively investigating the incident and taking all necessary steps to resolve it as swiftly as possible.

We are working closely with our partners to mitigate the impact and fully resolve the issue. A detailed…
— ZOTH (@zothdotio) March 21, 2025

In March, South Korea’s Wemix Foundation disclosed a major hack of $6.2 million that occurred in late February.