Zoth, a platform based in Ethereum focused on the active world tokenized, underwent a second major security violation in less than three weeks on March 21, the attackers draining 8.85 million dollars in digital assets.
The company confirmed the violation and works with security experts to investigate the incident.
Zoth also offers a bonus of $ 500,000 for information leading to the identification of the pirate responsible for the recent feat of $ 8.85 million.
The hack, which occurred early on March 21, involved the attacker compromising an administration key and taking control of a Zoth proxy contract. The pirate has upgraded the contract, allowing unauthorized transfers of funds.
ONCHAIN’s analysis shows that $ 8.85 million in stablescoins USD ++ were drained from the contract and converted into 4,223 ETH, which was then transferred to an external portfolio.
Zoth recognized the security violation and assured users that measures are taken to mitigate the impact. The company is committed to publishing a full report once its investigation is completed.
Second hack
This is the second feat targeting Zoth this month. On March 6, an attacker exploited a vulnerability in one of his liquidity pools, holding synthetic assets without sufficient warranty and causing a loss of $ 285,000.
Security experts suggest that the violation could have been prevented with better key management and real -time surveillance. They warn that additional funds may be at risk if other contracts within the platform share the same administrative access.
Zoth did not reveal whether it would reimburse affected users, but said that it was determined to strengthen security measures to prevent future incidents.
The incident highlights the continuous risks facing decentralized financing platforms, in particular those which depend on centralized administrative controls. Blockchain safety companies have noted an increase in sophisticated key compromises, with more than $ 10 billion lost against exploits linked to DEFI in the past five years.
The company did not comment on how the attacker may have obtained the private key, but is committed to providing updates once the investigation is completed.
