lazarusholic

• Reported: 2025-03
• Locations: Panama
• Motivations: #FinancialGain
• Sectors: #Cryptocurrency

On March 21, 2025, Zoth suffered a major security breach resulting in the loss of approximately $8.4 million worth of USD0++ tokens. This incident occurred just three weeks after a smaller attack on March 1, which had already exposed vulnerabilities in the platform. The attacker managed to gain control of the deployer wallet, enabling them to maliciously upgrade a smart contract and withdraw a large amount of USD0++ tokens. These stolen tokens were subsequently converted to DAI and transferred to another address. In response, Zoth froze around 73% of its total value locked (TVL) to limit further damage and appointed Crystal Blockchain BV to lead an investigation. The team also offered a $500,000 bounty for information that could lead to the recovery of the stolen funds. This breach highlights the critical importance of admin key security in DeFi protocols. It also underscores that while code audits and bug bounty programs are essential, they are not sufficient if privileged access is not properly secured. Zoth’s case reinforces the need for stronger safeguards like multi-signature wallets to mitigate insider risks.