# Zoth Vault Breach: Admin Key Exploit Analysis

<figure><img src="https://2257097197-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fq4lJpWv2su6onUaxkWl4%2Fuploads%2FGiWBHy0h6cJ1vTcDMIUz%2FCopy%20of%20Blockscope%20Business%20Card%20(2).png?alt=media&#x26;token=53a7546f-5224-484e-b847-11c6e8b098df" alt=""><figcaption></figcaption></figure>

## Summary

In 2024, the crypto space lost a staggering **$2.2 billion** across more than **303 separate exploits**. Alarmingly, incidents involving [**Private Key and Admin Privilege compromises** topped the charts, accounting for over **43% of all cases**](https://x.com/BlockscopeCo/status/1881782673531912686). Despite such clear security lessons, 2025 has already demonstrated that many protocols still struggle with fundamental key management practices.

On **March 21st, 2025**, [Zoth](https://x.com/zothdotio?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor)—a DeFi protocol bridging Traditional Finance (TradFi) and blockchain through tokenized Real-World Assets (RWAs)—experienced a severe exploit, losing approximately **$8.4 million**. The exploiter compromised Zoth’s admin keys, upgrading the **USD0PPSubVaultUpgradeable proxy contract** to a malicious implementation. This allowed the withdrawal of **8,851,750.3737 USD0++ tokens**, quickly converted first into **DAI**, then into **ETH**, and moved off-chain within minutes. Security firms [**SlowMist**](https://x.com/SlowMist_Team/status/1903020756830974217) and [**Cyvers**](https://x.com/CyversAlerts/status/1903021017460600885) promptly confirmed the exploit, highlighting critical vulnerabilities in admin key security.

<figure><img src="https://2257097197-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fq4lJpWv2su6onUaxkWl4%2Fuploads%2FE9dQqQ8sQLM5FPHZnAI7%2FScreenshot%202025-03-25%20202608.png?alt=media&#x26;token=5f3fc234-ba37-4151-a7c9-3663496b659c" alt=""><figcaption><p><a href="https://x.com/zothdotio/status/1903024419028734265">Zoth's response after the exploit</a></p></figcaption></figure>

Notably, this was Zoth’s second exploit in the same month. [On **March 1st**, a separate vulnerability in Zoth’s Loan-to-Value (LTV) validation logic resulted in a **$285,000 loss**,](https://blog.solidityscan.com/zoth-hack-analysis-80ba3ac5076b) where attackers manipulated liquidity pools to mint stablecoins without sufficient collateral.

<figure><img src="https://2257097197-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fq4lJpWv2su6onUaxkWl4%2Fuploads%2FLZ3HP75Ppilvu9tM5GMU%2FScreenshot%202025-03-25%20204000.png?alt=media&#x26;token=d0c65ad0-d110-46c0-9eb8-6be8a6457a59" alt=""><figcaption><p><strong>Zoth's March 1st Exploit; Attack Tx:</strong> <strong><code>0xc3f70057e261af554c6acf6a372389899f0c2d7d1ebd27311e39525dee88fb39</code></strong></p></figcaption></figure>

### **What is Zoth?**

[Zoth](https://x.com/zothdotio?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor) is a DeFi protocol designed to bridge **TradFi** and **on-chain finance** through the tokenization of **Real-World Assets (RWAs)**. Central to Zoth’s platform is ZeUSD, a permissionless, omnichain (operates across multiple networks) stable token backed by high-quality assets like U.S. Treasury Bills and ETFs. Zoth aims to enhance liquidity, enabling users to engage seamlessly with decentralized exchanges, liquidity pools, and yield-generating DeFi products.

### Key Addresses Involved:

* **Main Exploiter:** `0x3b33c5Cd948Be5863b72cB3D6e9C0b36E67d01E5`
* **Victim Contract (Proxy):** `0x82f3a0392F58C50fa90542519832471BaE93e43e`
* **Exploiter 2 (Holding Funds):** `0x7b0cd0D83565aDbB57585d0265b7D15d6D9f60cf`
* **Malicious Implementation Contract:** `0xc89d7894341e13d5067d003af5346b257d861f56`
* **Zoth deployer:** `0x3604582f56565d7060d73829ffb9ebd579218dca`

Let’s now dive into the **root cause analysis** of the exploit to uncover how it happened and why it’s a wake-up call for the entire DeFi ecosystem.

## Decoding the Exploit

The exploit on March 21st resulted from the compromise of **Zoth’s deployer wallet**, providing the attacker unrestricted administrative access. Leveraging these privileges, the attacker executed the **`upgradeToAndCall`** function on the **USD0PPSubVaultUpgradeable proxy contract**, installing a malicious implementation at address `0xc89d7894341e13d5067d003af5346b257d861f56`. This upgrade allowed the attacker to withdraw **8,851,750.3737 USD0++ tokens** (valued at **$8.4 million**), rapidly converting these funds first into **DAI**, then into **ETH**, before transferring them to an external address: `0x7b0cd0D83565aDbB57585d0265b7D15d6D9f60cf`.

<figure><img src="https://2257097197-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fq4lJpWv2su6onUaxkWl4%2Fuploads%2FEEqjHXAEUEJEeLtKSkKu%2FScreenshot%202025-03-25%20205636.png?alt=media&#x26;token=7e861d48-54ca-4078-b230-bf588ad62d2c" alt=""><figcaption><p><strong>Blockscope's transaction flow chart shows the Deployer wallet upgrading the USD0PPSubVaultUpgradeable proxy contract; Tx. hash</strong> <code>0xb2335f7bf58abbcaa006d0a2bed7db2c64a5dabed56fb1759260adc012c49abe</code></p></figcaption></figure>

The swift execution—from proxy contract manipulation to final fund transfer—reveals a carefully orchestrated exploitation of vulnerabilities stemming from insufficient admin key security measures.

## On-chain Activity

The exploit becomes notably clear and intuitive once visualized through our **Tracer tool**. The flowchart below precisely illustrates the sequence of on-chain events, starting from the compromised **Zoth Vault (Victim)**. Initially, the attacker swiftly converts the stolen **USD0++ tokens** into **DAI**, transferring these funds directly to the **Main Attacker** address. Subsequently, the **DAI** is sent to an intermediary address labeled **Exploiter 2**, which utilizes the decentralized exchange **CowSwap** to convert the funds into **4,222.8881 ETH**.

Some of these assets then flow to **Exploiter 3** `0x2128e6b2a8adabb00450fee4a65a660233735c4f` and **Exploiter 4** `0xcb03931637cbc8d486df81f4226955f80e1acd45`, which eventually route funds to **Exploiter 5** `0x6ce41f95fc5514a3e8f74c5c500ef1b8a68e2316`, where a portion of the proceeds currently resides. This meticulously orchestrated series of transactions underscores the attacker’s swift, strategic approach and highlights the effectiveness of their methods for obscuring the trail of stolen funds.

<figure><img src="https://2257097197-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fq4lJpWv2su6onUaxkWl4%2Fuploads%2FcIxWmBZ0mcVas8EZfxUY%2Fimage.png?alt=media&#x26;token=adfbe48b-e180-47a1-b07a-70ee84ff514e" alt=""><figcaption><p><strong>Tracer visualizing the Zoth Exploit</strong></p></figcaption></figure>

## Exploit Breakdown

### Proxy upgrade Execution at 8:46 UTC, March 21

The exploiter first **compromised Zoth’s deployer wallet** `0x3604582f56565d7060d73829ffb9ebd579218dca`, which holds admin privileges for the protocol’s upgradeable contracts. Leveraging this key, at **8:46 UTC**, the exploiter executed the **`upgradeToAndCall`** function on the **USD0PPSubVaultUpgradeable** proxy `0x82f3a0392f58c50fa90542519832471bae93e43e`, installing a **malicious implementation** at Exploiter Contract `0xc89d7894341e13d5067d003af5346b257d861f56`, thereby granting the attacker **full control** over the vault.

**Transaction Hash:** `0xb2335f7bf58abbcaa006d0a2bed7db2c64a5dabed56fb1759260adc012c49abe`

<figure><img src="https://2257097197-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fq4lJpWv2su6onUaxkWl4%2Fuploads%2FYLqqsKk2gvL8iOfS9d1z%2FScreenshot%202025-03-25%20212831.png?alt=media&#x26;token=4669a2de-2f39-425e-89f0-d0154106b7b5" alt=""><figcaption><p>Using the <strong>Transaction Decoder</strong>, we can see the <strong>trace call</strong> of the transaction where the <strong>proxy was upgraded to the malicious contract</strong>.</p></figcaption></figure>

<figure><img src="https://2257097197-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fq4lJpWv2su6onUaxkWl4%2Fuploads%2FqK4s5Dqmu0G4NEH29YiM%2FScreenshot%202025-03-25%20212917.png?alt=media&#x26;token=3298f34c-2c77-4d05-bc9c-8775c59de16a" alt=""><figcaption><p>Transaction logs showing the proxy being upgraded to the malicious implementation contract, granting the attacker full control.</p></figcaption></figure>

**Note:** The reason behind the deployer wallet compromise is still unknown, but typically, these exploits are associated with phishing or social engineering attacks rather than complex exploits.
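The upgrade step described above (and in "Decoding the Exploit") leaves a standard footprint: an EIP-1967 proxy emits an `Upgraded(address)` event and rewrites its implementation slot whenever `upgradeToAndCall` succeeds. The following Python is an added example for this write-up, not Blockscope's or Zoth's code; it shows how a monitor can flag an upgrade to any implementation that was not pre-approved. The log entries are constructed by hand from the addresses and transaction hash cited in this analysis (not fetched from a node), the "approved" implementation address is a placeholder, and the event topic, storage slot and function selectors are the standard EIP-1967 / OpenZeppelin values.

```python
"""Flag proxy implementation upgrades that were not pre-approved.

Added illustration; not Blockscope's or Zoth's code. SAMPLE_LOGS is constructed
from the write-up's addresses and tx hash, APPROVED_IMPL is a placeholder.
"""

# keccak256("Upgraded(address)"), emitted by EIP-1967 / OpenZeppelin proxies on every upgrade
UPGRADED_TOPIC = "0xbc7cd75a20ee27fd9adebab32041f755214dbc6bffa90cc0225b39da2e5c2d3b"
# EIP-1967 storage slot holding the current implementation address (read with eth_getStorageAt)
IMPLEMENTATION_SLOT = "0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc"
# 4-byte selectors of upgradeToAndCall(address,bytes) and upgradeTo(address)
UPGRADE_SELECTORS = {"0x4f1ef286", "0x3659cfe6"}

# Addresses and hash from the write-up
VICTIM_PROXY = "0x82f3a0392F58C50fa90542519832471BaE93e43e"
MALICIOUS_IMPL = "0xc89d7894341e13d5067d003af5346b257d861f56"
ZOTH_DEPLOYER = "0x3604582f56565d7060d73829ffb9ebd579218dca"
UPGRADE_TX = "0xb2335f7bf58abbcaa006d0a2bed7db2c64a5dabed56fb1759260adc012c49abe"
APPROVED_IMPL = "0x1111111111111111111111111111111111111111"  # placeholder, not a real deployment


def norm(addr: str) -> str:
    return addr.lower()


def word_to_address(word: str) -> str:
    """Extract the address from a 32-byte ABI word (indexed topic or storage value): low 20 bytes."""
    h = word[2:] if word.startswith("0x") else word
    if len(h) != 64:
        raise ValueError("expected a 32-byte hex word")
    return "0x" + h[-40:].lower()


def address_to_word(addr: str) -> str:
    """Left-pad an address to 32 bytes, the encoding used for indexed address topics."""
    return "0x" + "0" * 24 + norm(addr)[2:]


# Constructed eth_getLogs-style records (the 'from' field is the tx sender, added for context)
SAMPLE_LOGS = [
    {  # an earlier, legitimate upgrade to the placeholder approved implementation
        "address": VICTIM_PROXY, "topics": [UPGRADED_TOPIC, address_to_word(APPROVED_IMPL)],
        "data": "0x", "transactionHash": "0x" + "ab" * 32, "from": ZOTH_DEPLOYER,
    },
    {  # the March 21 upgrade to the attacker's implementation, sent from the real deployer key
        "address": VICTIM_PROXY, "topics": [UPGRADED_TOPIC, address_to_word(MALICIOUS_IMPL)],
        "data": "0x", "transactionHash": UPGRADE_TX, "from": ZOTH_DEPLOYER,
    },
    {  # unrelated log on another contract: must be ignored
        "address": "0x" + "22" * 20, "topics": ["0x" + "00" * 32],
        "data": "0x", "transactionHash": "0x" + "cd" * 32, "from": ZOTH_DEPLOYER,
    },
]


def find_unapproved_upgrades(logs, watched_proxies, approved_impls):
    """Return one alert per Upgraded event on a watched proxy whose new implementation is not approved."""
    watched = {norm(a) for a in watched_proxies}
    approved = {norm(a) for a in approved_impls}
    alerts = []
    for log in logs:
        if norm(log["address"]) not in watched:
            continue
        topics = log.get("topics") or []
        if len(topics) < 2 or norm(topics[0]) != UPGRADED_TOPIC:
            continue
        new_impl = word_to_address(topics[1])
        if new_impl in approved:
            continue
        alerts.append({
            "proxy": norm(log["address"]),
            "new_implementation": new_impl,
            "tx_hash": log["transactionHash"],
            "sender": norm(log.get("from", "")),
        })
    return alerts


def implementation_slot_is_approved(slot_value: str, approved_impls) -> bool:
    """Polling counterpart: compare eth_getStorageAt(proxy, IMPLEMENTATION_SLOT) with the allow-list,
    which catches an upgrade even if the event log was missed."""
    return word_to_address(slot_value) in {norm(a) for a in approved_impls}


def is_upgrade_call(calldata: str) -> bool:
    """True when calldata targets upgradeTo/upgradeToAndCall, so a watcher can prioritise the tx."""
    return norm(calldata)[:10] in UPGRADE_SELECTORS


if __name__ == "__main__":
    for a in find_unapproved_upgrades(SAMPLE_LOGS, [VICTIM_PROXY], [APPROVED_IMPL]):
        print(f"ALERT: proxy {a['proxy']} upgraded to unapproved {a['new_implementation']} "
              f"by {a['sender']} in {a['tx_hash']}")
```

The point of keying the alert on the implementation address rather than the sender is visible in the sample: the malicious upgrade was sent from the legitimate deployer key, so a sender allow-list would have passed it, whereas an implementation allow-list (or a storage-slot check after every block) flags it immediately.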

### **Vault Drained at 8:47 UTC, March 21**

Immediately after the upgrade, the malicious contract `0xc89d7894341e13d5067d003af5346b257d861f56` **withdraws 8,851,750.3737 USD0++ tokens**—worth approximately **$8.4 million** at the time. The withdrawal is completed in a matter of minutes, exploiting the proxy’s updated functions.

**Transaction Hash:** `0x33bf669d125d11c432ac9b52b9d56161101c072fd8b0ac2aa390f5760fb50ca4`

<figure><img src="https://2257097197-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fq4lJpWv2su6onUaxkWl4%2Fuploads%2FyqTY3a5Z849U43f3kWxp%2Fimage.png?alt=media&#x26;token=7e0487a4-4a91-47f6-bf3e-e1cca6940d3c" alt=""><figcaption><p>Exploiter receiving millions of USD0++ tokens from the Victim Contract</p></figcaption></figure>

### **Token Conversion at 9:01 UTC, March 21**

The stolen **USD0++** is quickly **swapped for DAI** using CowSwap. The exploiter transfers the DAI to a second address (labelled **Exploiter 2**, `0x7b0cd0D83565aDbB57585d0265b7D15d6D9f60cf`), which subsequently **swaps it for ETH**, again using **CowSwap**.

<figure><img src="https://2257097197-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fq4lJpWv2su6onUaxkWl4%2Fuploads%2FHq3o3pGRTQGqlJCATXxr%2FScreenshot%202025-03-25%20215806.png?alt=media&#x26;token=cb70bbdc-fa75-47a6-a633-2fe5192a427b" alt=""><figcaption><p>CowSwap is leveraged to swap stolen USD0++ into DAI and ETH</p></figcaption></figure>

### Final Transfer

As of March 25th, the newly acquired **ETH** is consolidated into the attacker’s external wallets, labelled **Exploiter 2** and **Exploiter 5**, completing the heist. At this stage, the attacker has **full custody** of the stolen funds in ETH, making recovery substantially more difficult.

<div><figure><img src="https://2257097197-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fq4lJpWv2su6onUaxkWl4%2Fuploads%2FdXmuk7X34DUBJu6IsLcN%2FScreenshot%202025-03-25%20220345.png?alt=media&#x26;token=3c1b3412-05dc-4050-a46a-feebf21b42bb" alt=""><figcaption><p> <strong>Exploiter 5 holds 1,014 ETH</strong></p></figcaption></figure> <figure><img src="https://2257097197-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fq4lJpWv2su6onUaxkWl4%2Fuploads%2Fw3eVYEhcm1a17l00SeMB%2FScreenshot%202025-03-25%20220450.png?alt=media&#x26;token=223be09b-f8ea-43d3-ab87-2af68487df39" alt=""><figcaption><p><strong>Exploiter 2 holds 3,233 ETH</strong></p></figcaption></figure></div>

## Analyzing Smart Contracts

Identifying the root cause and unraveling exploit orchestrations in blockchain incidents can be highly challenging, particularly for users with limited technical expertise. **Blockscope's Contract Analysis and Contract Usage tools** significantly simplify this process by delivering clear, AI-powered explanations of smart contract functions.

For instance, during the investigation of the Zoth exploit, **Blockscope's Contract Usage** tool was instrumental in rapidly identifying and understanding the functionalities of the malicious contract at address `0x82f3a0392f58c50fa90542519832471bae93e43e`. Users, even those without extensive blockchain knowledge, could quickly comprehend each function's role by simply clicking the "Explain" button, thereby streamlining the investigative process and enabling effective analysis.

<figure><img src="https://2257097197-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fq4lJpWv2su6onUaxkWl4%2Fuploads%2FRpGoFt0C2kdmqm62SYhf%2FScreenshot%202025-03-26%20234523.png?alt=media&#x26;token=707e54f1-1f8f-46c6-a195-b1323d88212c" alt=""><figcaption><p>Contract Usage tool displaying all functions of the malicious contract with AI-powered explanations.</p></figcaption></figure>

## Monitoring

To proactively track and respond to further developments, we've established a public watchtower monitoring all relevant addresses, particularly Exploiter 2 and Exploiter 5. Stakeholders can utilize this real-time visibility to enhance response measures and potentially mitigate further risks.

Access the public watchtower: [**Zoth Exploit Watchtower**](https://www.blockscope.co/community/watchtowers/67e3628787903a6fe128e992)
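The Tracer flow described under "On-chain Activity" and the address watchtower above both rest on one technique: walk outgoing transfers from a seed address, record every address that receives tainted funds, and stop at exchange or DEX settlement contracts so their unrelated counterparties are not tainted. The Python below is an added example for this write-up, not Blockscope's Tracer or watchtower code. Its transfer records are constructed to mirror the flow the analysis describes (Victim → Main Exploiter → Exploiter 2 → Exploiter 3/4 → Exploiter 5); only the withdrawal amount, the 4,222.8881 ETH figure and the two end balances come from the write-up, the intermediate hop amounts and the DEX settlement address are placeholders.

```python
"""Trace stolen funds downstream from a seed address and derive a watchlist.

Added illustration; not Blockscope's Tracer or watchtower code. TRANSFERS is a
constructed dataset mirroring the write-up's flow; DEX_SETTLEMENT and the
intermediate amounts and tx ids are placeholders.
"""
from collections import defaultdict, deque
from decimal import Decimal

# Addresses from the write-up (lower-cased for comparison)
VICTIM_PROXY = "0x82f3a0392f58c50fa90542519832471bae93e43e"
MAIN_EXPLOITER = "0x3b33c5cd948be5863b72cb3d6e9c0b36e67d01e5"
EXPLOITER_2 = "0x7b0cd0d83565adbb57585d0265b7d15d6d9f60cf"
EXPLOITER_3 = "0x2128e6b2a8adabb00450fee4a65a660233735c4f"
EXPLOITER_4 = "0xcb03931637cbc8d486df81f4226955f80e1acd45"
EXPLOITER_5 = "0x6ce41f95fc5514a3e8f74c5c500ef1b8a68e2316"
# Placeholder standing in for the CowSwap settlement contract; not taken from the write-up
DEX_SETTLEMENT = "0x" + "dd" * 20

# Constructed transfer records. The first tx hash is the withdrawal cited in the write-up;
# the rest are placeholder ids. Amounts are strings so Decimal keeps them exact.
TRANSFERS = [
    {"tx": "0x33bf669d125d11c432ac9b52b9d56161101c072fd8b0ac2aa390f5760fb50ca4",
     "token": "USD0++", "from": VICTIM_PROXY, "to": MAIN_EXPLOITER, "amount": "8851750.3737"},
    {"tx": "constructed-2", "token": "USD0++", "from": MAIN_EXPLOITER, "to": DEX_SETTLEMENT, "amount": "8851750.3737"},
    {"tx": "constructed-2", "token": "DAI", "from": DEX_SETTLEMENT, "to": MAIN_EXPLOITER, "amount": "8800000"},
    {"tx": "constructed-3", "token": "DAI", "from": MAIN_EXPLOITER, "to": EXPLOITER_2, "amount": "8800000"},
    {"tx": "constructed-4", "token": "DAI", "from": EXPLOITER_2, "to": DEX_SETTLEMENT, "amount": "8800000"},
    {"tx": "constructed-4", "token": "ETH", "from": DEX_SETTLEMENT, "to": EXPLOITER_2, "amount": "4222.8881"},
    {"tx": "constructed-5", "token": "ETH", "from": EXPLOITER_2, "to": EXPLOITER_3, "amount": "500"},
    {"tx": "constructed-6", "token": "ETH", "from": EXPLOITER_2, "to": EXPLOITER_4, "amount": "490"},
    {"tx": "constructed-7", "token": "ETH", "from": EXPLOITER_3, "to": EXPLOITER_5, "amount": "499"},
    {"tx": "constructed-8", "token": "ETH", "from": EXPLOITER_4, "to": EXPLOITER_5, "amount": "515"},
]


def trace_downstream(transfers, seed, stop_at=frozenset()):
    """Breadth-first walk over outgoing transfers from `seed`.

    Returns (hops, boundary): `hops` maps each reached address to its distance from the
    seed; `boundary` is the set of stop_at addresses (DEX settlement contracts, exchanges,
    bridges) that received tainted funds but are deliberately not expanded, because
    following their outflows would taint every unrelated user of that contract.
    """
    out_edges = defaultdict(list)
    for t in transfers:
        out_edges[t["from"].lower()].append(t["to"].lower())
    stop = {a.lower() for a in stop_at}
    hops = {seed.lower(): 0}
    boundary = set()
    queue = deque([seed.lower()])
    while queue:
        cur = queue.popleft()
        for nxt in out_edges[cur]:
            if nxt in stop:
                boundary.add(nxt)
                continue
            if nxt not in hops:
                hops[nxt] = hops[cur] + 1
                queue.append(nxt)
    return hops, boundary


def net_holdings(transfers, addresses):
    """Net inflow minus outflow per token for each address, from the transfer records alone."""
    wanted = {a.lower() for a in addresses}
    balances = {a: defaultdict(Decimal) for a in wanted}
    for t in transfers:
        amount = Decimal(t["amount"])
        src, dst = t["from"].lower(), t["to"].lower()
        if src in wanted:
            balances[src][t["token"]] -= amount
        if dst in wanted:
            balances[dst][t["token"]] += amount
    return {a: dict(b) for a, b in balances.items()}


def watchlist(transfers, seed, stop_at=frozenset()):
    """Addresses to monitor, nearest hops first: every non-boundary address reached from the seed."""
    hops, _ = trace_downstream(transfers, seed, stop_at)
    return [addr for addr, _ in sorted(hops.items(), key=lambda kv: (kv[1], kv[0]))]


if __name__ == "__main__":
    hops, boundary = trace_downstream(TRANSFERS, MAIN_EXPLOITER, stop_at={DEX_SETTLEMENT})
    for addr in watchlist(TRANSFERS, MAIN_EXPLOITER, stop_at={DEX_SETTLEMENT}):
        print(f"hop {hops[addr]}: {addr}")
    print("boundary contracts touched:", sorted(boundary))
    for addr, bal in net_holdings(TRANSFERS, [EXPLOITER_2, EXPLOITER_5]).items():
        print(addr, {tok: str(v) for tok, v in bal.items()})
```

Two design choices matter in practice. First, swap outputs come back to the same address that sent the input, so the walk picks them up without expanding the settlement contract; the `stop_at` set is what keeps the DEX's other users out of the watchlist. Second, the net-holdings view is derived only from the traced transfers, so when it disagrees with the on-chain balance of a watched address that gap itself is a signal that funds arrived or left through a path the tracer has not yet captured.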

## Conclusion

In summary, this incident underscores the critical need for rigorous security practices, continuous monitoring, and timely updates to smart contract permissions and controls. Enhanced vigilance and rapid response capabilities remain essential in minimizing damage and protecting decentralized ecosystems against similar sophisticated exploits.

At [**Blockscope**](https://www.blockscope.co/), we develop tools and technologies to safeguard your assets and empower individuals and organizations to take accountability. We remain committed to continuously enhancing our analytical capabilities and tools, actively contributing to a safer blockchain ecosystem for all stakeholders.

**Investigation by:** [**Tushar Tiwari**](https://in.linkedin.com/in/tushar-tiwari-1380271b7), Analyst @ [**Blockscope**](https://www.blockscope.co/)

For more information, please reach out to us at **<hello@blockscope.tech>**

<figure><img src="https://2257097197-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fq4lJpWv2su6onUaxkWl4%2Fuploads%2Frpz0ZTdekVI6iHaK8FSS%2FBlcokscope.jpeg?alt=media&#x26;token=2675074f-ff78-476f-9d06-6e2be8c9ab27" alt=""><figcaption></figcaption></figure>

Disclaimer: Best Effort Investigation

This investigation and its findings represent our best effort based on the information available at the time. However, please be aware of the following limitations:

* The data used in this investigation may contain inaccuracies, omissions, or errors.
* Information sources may be incomplete or subject to change.
* New evidence may emerge that could alter the conclusions.
* Analysis and interpretations are based on current understanding and may evolve.

We have made every reasonable attempt to ensure accuracy but cannot guarantee that all information is entirely correct or complete. This report should be considered a snapshot of our current knowledge and understanding, subject to revision as new information becomes available.

