On March 21, 2025, at 08:47:35 AM UTC, the Zoth protocol suffered an exploit due to a compromise of its deployer wallet, which led to the unauthorized upgrade of a proxy contract to a malicious implementation.
This allowed the attacker to withdraw approximately $8.4 million USD0++ tokens, which were quickly swapped for DAI and later converted into ETH.
The attack appears to have been planned weeks in advance, with all associated accounts being funded via ChangeNOW.
Attacker's wallet 0x3b33c5cd948be5863b72cb3d6e9c0b36e67d01e5 was funded with 0.54626537 ETH (~$1,072.12) via ChangeNOW.
Attacker deployed a malicious contract at 0xc89d7894341e13d5067d003af5346b257d861f56
.
The exploit was made possible due to a compromise of the deployer wallet, which had admin privileges over the proxy contract.
The attacker gained access to this Externally Owned Account (EOA) and used it to execute an upgrade to a malicious implementation contract, granting them complete control over funds.
Your weekly dose of Web3 innovation and security, featuring blockchain updates, developer insights, curated knowledge, security resources, and hack alerts. Stay ahead in Web3!