Zoth, an Ethereum-based platform focused on real-world asset tokenization, suffered its second major security breach in less than three weeks on March 21, with attackers draining $8.85 million in digital assets.
The company confirmed the breach and is working with security experts to investigate the incident.
Zoth is also offering a $500,000 bounty (https://x.com/zothdotio/status/1903151325808107681) for information that leads to the identification of the hacker responsible for the recent $8.85 million exploit.
The hack, which occurred early on March 21, involved the attacker compromising an admin key and gaining control of a Zoth proxy contract. The hacker upgraded the contract, enabling unauthorized fund transfers.
On-chain analysis shows that $8.85 million in USD0++ stablecoins was drained from the contract and converted into 4,223 ETH, which was then moved to an external wallet.
Zoth acknowledged the security breach and assured users that it is taking steps to mitigate the impact. The company promised to publish a full report once its investigation is complete.
Second hack
This is the second exploit targeting Zoth this month. On March 6, an attacker exploited a vulnerability in one of its liquidity pools, minting synthetic assets without sufficient collateral and causing a loss of $285,000.
Security experts suggest that the breach could have been avoided with better key management and real-time monitoring. They warn that additional funds may be at risk if other contracts within the platform share the same administrator access.
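One form the real-time monitoring mentioned above can take, shown as an added example that is not code from Zoth or from the original article: scan contract event logs for implementation upgrades that change control never approved. It assumes the monitored contracts are upgradeable proxies that emit the EIP-1967 `Upgraded(address)` event; the addresses, the `APPROVED` inventory and the sample logs are constructed.

```python
# Added example: flag proxy upgrades to implementations nobody approved.
# Assumption: monitored proxies emit the EIP-1967 event Upgraded(address indexed).
UPGRADED_TOPIC = "0xbc7cd75a20ee27fd9adebab32041f755214dbc6bffa90cc0225b39da2e5c2d3b"

PROXY = "0x" + "a1" * 20          # constructed proxy address
IMPL_OK = "0x" + "b1" * 20        # constructed, approved implementation
IMPL_ROGUE = "0x" + "c3" * 20     # constructed, never approved

# Hypothetical inventory: proxy -> implementations approved by change control.
APPROVED = {PROXY: {IMPL_OK}}

def pad_topic(address):
    """Encode an address the way an indexed event argument appears in a topic."""
    return "0x" + "00" * 12 + address[2:]

def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the last 20."""
    return "0x" + topic[-40:].lower()

def find_unapproved_upgrades(logs, approved=APPROVED):
    """Return one alert per Upgraded event whose target is not approved."""
    alerts = []
    for log in logs:
        proxy, topics = log["address"].lower(), log["topics"]
        if proxy not in approved or len(topics) < 2:
            continue  # not a monitored proxy, or no indexed argument
        if topics[0].lower() != UPGRADED_TOPIC:
            continue  # some other event from the proxy
        impl = topic_to_address(topics[1])
        if impl not in approved[proxy]:
            alerts.append({"proxy": proxy, "implementation": impl,
                           "tx": log["transactionHash"],
                           "block": int(log["blockNumber"], 16)})
    return alerts

# Constructed logs in the shape returned by the eth_getLogs JSON-RPC method.
SAMPLE_LOGS = [
    {"address": PROXY, "topics": [UPGRADED_TOPIC, pad_topic(IMPL_OK)],
     "transactionHash": "0x" + "01" * 32, "blockNumber": "0x10"},
    {"address": PROXY, "topics": ["0x" + "ee" * 32],  # unrelated event
     "transactionHash": "0x" + "02" * 32, "blockNumber": "0x11"},
    {"address": PROXY, "topics": [UPGRADED_TOPIC, pad_topic(IMPL_ROGUE)],
     "transactionHash": "0x" + "03" * 32, "blockNumber": "0x12"},
]

if __name__ == "__main__":
    for alert in find_unapproved_upgrades(SAMPLE_LOGS):
        print("ALERT unapproved upgrade:", alert)
```

An alert of this kind is most useful when it pages whoever can pause the affected contracts, since every contract that shares the same administrator access is exposed once one key is compromised.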
Zoth has not revealed whether it will reimburse affected users, but said it remains committed to strengthening security measures to avoid future incidents.
The incident underscores the ongoing risks facing decentralized finance platforms, particularly those that depend on centralized administrative controls. Blockchain security companies have noted an increase in sophisticated key compromises, with more than $10 billion lost to DeFi-related exploits in the last five years.
The company did not comment on how the attacker could have obtained the private key, but promised to provide updates once the investigation is completed.