Zoth Vault Breach: Admin Key Exploit Analysis

Summary

In 2024, the crypto space lost a staggering $2.2 billion across more than 303 separate exploits. Alarmingly, incidents involving Private Key and Admin Privilege compromises topped the charts, accounting for over 43% of all cases. Despite such clear security lessons, 2025 has already demonstrated that many protocols still struggle with fundamental key management practices.

On March 21st, 2025, Zoth—a DeFi protocol bridging Traditional Finance (TradFi) and blockchain through tokenized Real-World Assets (RWAs)—experienced a severe exploit, losing approximately $8.4 million. The exploiter compromised Zoth’s admin keys, upgrading the USD0PPSubVaultUpgradeable proxy contract to a malicious implementation. This allowed the withdrawal of 8,851,750.3737 USD0++ tokens, quickly converted first into DAI, then into ETH, and moved off-chain within minutes. Security firms SlowMist and Cyvers promptly confirmed the exploit, highlighting critical vulnerabilities in admin key security.

Notably, this was Zoth’s second exploit in the same month. On March 1st, a separate vulnerability in Zoth’s Loan-to-Value (LTV) validation logic resulted in a $285,000 loss, where attackers manipulated liquidity pools to mint stablecoins without sufficient collateral.

Zoth's March 1st Exploit; Attack Tx: 0xc3f70057e261af554c6acf6a372389899f0c2d7d1ebd27311e39525dee88fb39

What is Zoth?

Zoth is a DeFi protocol designed to bridge TradFi and on-chain finance through the tokenization of Real-World Assets (RWAs). Central to Zoth’s platform is ZeUSD, a permissionless, omnichain (operates across multiple networks) stable token backed by high-quality assets like U.S. Treasury Bills and ETFs. Zoth aims to enhance liquidity, enabling users to engage seamlessly with decentralized exchanges, liquidity pools, and yield-generating DeFi products.

Key Addresses Involved:

  • Main Exploiter: 0x3b33c5Cd948Be5863b72cB3D6e9C0b36E67d01E5

  • Victim Contract (Proxy): 0x82f3a0392F58C50fa90542519832471BaE93e43e

  • Exploiter 2 (Holding Funds): 0x7b0cd0D83565aDbB57585d0265b7D15d6D9f60cf

  • Malicious Implementation Contract: 0xc89d7894341e13d5067d003af5346b257d861f56

  • Zoth deployer: 0x3604582f56565d7060d73829ffb9ebd579218dca

Let’s now dive into the root cause analysis of the exploit to uncover how it happened and why it’s a wake-up call for the entire DeFi ecosystem.

Decoding the Exploit

The exploit on March 21st resulted from the compromise of Zoth’s deployer wallet, providing the attacker unrestricted administrative access. Leveraging these privileges, the attacker executed the upgradeToAndCall function on the USD0PPSubVaultUpgradeable proxy contract, installing a malicious implementation at address 0xc89d7894341e13d5067d003af5346b257d861f56. This upgrade allowed the attacker to withdraw 8,851,750.3737 USD0++ tokens (valued at $8.4 million), rapidly converting these funds first into DAI, then into ETH, before transferring them to an external address: 0x7b0cd0D83565aDbB57585d0265b7D15d6D9f60cf.

Blockscope's transaction flow chart shows the Deployer wallet upgrading the USD0PPSubVaultUpgradeable proxy contract; Tx. hash 0xb2335f7bf58abbcaa006d0a2bed7db2c64a5dabed56fb1759260adc012c49abe

The swift execution—from proxy contract manipulation to final fund transfer—reveals a carefully orchestrated exploitation of vulnerabilities stemming from insufficient admin key security measures.

On-chain Activity

The exploit becomes notably clear and intuitive once visualized through our Tracer tool. The flowchart below precisely illustrates the sequence of on-chain events, starting from the compromised Zoth Vault (Victim). Initially, the attacker swiftly converts the stolen USD0++ tokens into DAI, transferring these funds directly to the Main Attacker address. Subsequently, the DAI is sent to an intermediary address labeled Exploiter 2, which utilizes the decentralized exchange CowSwap to convert the funds into 4,222.8881 ETH.

Some of these assets then flow to Exploiter 3 (0x2128e6b2a8adabb00450fee4a65a660233735c4f) and Exploiter 4 (0xcb03931637cbc8d486df81f4226955f80e1acd45), which eventually route funds to Exploiter 5 (0x6ce41f95fc5514a3e8f74c5c500ef1b8a68e2316), where a portion of the proceeds currently resides. This meticulously orchestrated series of transactions underscores the attacker’s swift, strategic approach and highlights the effectiveness of their methods for obscuring the trail of stolen funds.

Tracer visualizing the Zoth Exploit

Exploit Breakdown

Proxy Upgrade Execution at 8:46 UTC, March 21

The exploiter first compromised Zoth’s deployer wallet 0x3604582f56565d7060d73829ffb9ebd579218dca, which holds admin privileges for the protocol’s upgradeable contracts. Leveraging this key, at 8:46 UTC, the exploiter executed the upgradeToAndCall function on the USD0PPSubVaultUpgradeable proxy 0x82f3a0392f58c50fa90542519832471bae93e43e, installing a malicious implementation at the Exploiter Contract 0xc89d7894341e13d5067d003af5346b257d861f56 and thereby granting the attacker full control over the vault.

Transaction Hash: 0xb2335f7bf58abbcaa006d0a2bed7db2c64a5dabed56fb1759260adc012c49abe

Using the Transaction Decoder, we can see the trace call of the transaction where the proxy was upgraded to the malicious contract.
Transaction logs showing the proxy being upgraded to the malicious implementation contract, granting the attacker full control.

Note: The reason behind the deployer wallet compromise is still unknown, but typically, these exploits are associated with phishing or social engineering attacks rather than complex exploits.
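As an added example (not Blockscope's or Zoth's code), the kind of detection rule a defender could run over receipt logs for the USD0PPSubVaultUpgradeable proxy: it flags any ERC-1967 Upgraded event whose transaction sender is not the expected governance timelock, or whose new implementation is not pre-approved. The timelock and approved-implementation addresses are constructed placeholders; the suspicious record is modelled on the March 21 upgrade transaction described above.

```python
"""Alert on ERC-1967 proxy upgrades that bypass the expected governance path."""

# keccak256("Upgraded(address)"): the ERC-1967 event emitted by every upgradeToAndCall.
UPGRADED_TOPIC = "0xbc7cd75a20ee27fd9adebab32041f755214dbc6bffa90cc0225b39da2e5c2d3b"
WATCHED_PROXY = "0x82f3a0392f58c50fa90542519832471bae93e43e"  # USD0PPSubVaultUpgradeable proxy
# Hypothetical governance contract that should be the only upgrade caller (constructed placeholder).
TIMELOCK = "0x" + "ab" * 20
# Hypothetical implementations the team has reviewed and approved (constructed placeholder).
APPROVED_IMPLS = {"0x" + "cd" * 20}


def topic_to_address(topic: str) -> str:
    """Indexed address params are left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()


def check_upgrade(log: dict, tx_sender: str, tx_hash: str):
    """Return an alert dict if `log` ({"address", "topics"}) is a suspicious upgrade, else None."""
    if log["address"].lower() != WATCHED_PROXY or not log["topics"]:
        return None
    if log["topics"][0].lower() != UPGRADED_TOPIC:
        return None
    new_impl = topic_to_address(log["topics"][1])
    reasons = []
    if tx_sender.lower() != TIMELOCK:
        reasons.append(f"upgrade sent directly by {tx_sender}, not through the governance timelock")
    if new_impl not in APPROVED_IMPLS:
        reasons.append(f"new implementation {new_impl} is not on the approved list")
    if not reasons:
        return None
    return {"tx_hash": tx_hash, "caller": tx_sender.lower(), "new_impl": new_impl, "reasons": reasons}


# Constructed log record modelled on the March 21 upgrade transaction described on this page.
MALICIOUS_UPGRADE = (
    {"address": WATCHED_PROXY,
     "topics": [UPGRADED_TOPIC, "0x" + "00" * 12 + "c89d7894341e13d5067d003af5346b257d861f56"]},
    "0x3604582f56565d7060d73829ffb9ebd579218dca",  # the compromised deployer key
    "0xb2335f7bf58abbcaa006d0a2bed7db2c64a5dabed56fb1759260adc012c49abe",
)
# Constructed benign upgrade: the timelock installs an approved implementation.
BENIGN_UPGRADE = (
    {"address": WATCHED_PROXY, "topics": [UPGRADED_TOPIC, "0x" + "00" * 12 + "cd" * 20]},
    TIMELOCK,
    "0x" + "ee" * 32,
)

if __name__ == "__main__":
    for record in (MALICIOUS_UPGRADE, BENIGN_UPGRADE):
        print(check_upgrade(*record))
```

In a live watchtower the same check would be fed by receipt logs filtered on the proxy address and the Upgraded topic, with the transaction's `from` field supplied as `tx_sender`.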

Vault Drained at 8:47 UTC, March 21

Immediately after the upgrade, the malicious contract 0xc89d7894341e13d5067d003af5346b257d861f56 withdraws 8,851,750.3737 USD0++ tokens—worth approximately $8.4 million at the time. The withdrawal is completed in a matter of minutes, exploiting the proxy’s updated functions.

Transaction Hash: 0x33bf669d125d11c432ac9b52b9d56161101c072fd8b0ac2aa390f5760fb50ca4

Exploiter receiving millions of USD0++ tokens from the Victim Contract

Token Conversion at 9:01 UTC, March 21

The stolen USD0++ is quickly swapped for DAI using CowSwap. The exploiter transfers the DAI to a second address (labelled Exploiter 2, 0x7b0cd0D83565aDbB57585d0265b7D15d6D9f60cf), which subsequently swaps it for ETH, again using CowSwap.

CowSwap is leveraged to swap the stolen USD0++ into DAI and ETH

Final Transfer

As of March 25th, the newly acquired ETH is consolidated into the attacker’s external wallets, labelled Exploiter 2 and Exploiter 5, completing the heist. At this stage, the attacker has full custody of the stolen funds in ETH, making recovery substantially more difficult.

Exploiter 5 holds 1,014 ETH
Exploiter 2 holds 3,233 ETH

Analyzing Smart Contracts

Identifying the root cause and unraveling exploit orchestrations in blockchain incidents can be highly challenging, particularly for users with limited technical expertise. Blockscope's Contract Analysis and Contract Usage tools significantly simplify this process by delivering clear, AI-powered explanations of smart contract functions.

For instance, during the investigation of the Zoth exploit, Blockscope's Contract Usage tool was instrumental in rapidly identifying and understanding the functionalities of the malicious contract at address 0x82f3a0392f58c50fa90542519832471bae93e43e. Users, even those without extensive blockchain knowledge, could quickly comprehend each function's role by simply clicking the "Explain" button, thereby streamlining the investigative process and enabling effective analysis.

Contract Usage tool displaying all functions of the malicious contract with AI-powered explanations.

Monitoring

To proactively track and respond to further developments, we've established a public watchtower monitoring all relevant addresses, particularly Exploiter 2 and Exploiter 5. Stakeholders can utilize this real-time visibility to enhance response measures and potentially mitigate further risks.

Access the public watchtower: Zoth Exploit Watchtower

Conclusion

In summary, this incident underscores the critical need for rigorous security practices, continuous monitoring, and timely updates to smart contract permissions and controls. Enhanced vigilance and rapid response capabilities remain essential in minimizing damage and protecting decentralized ecosystems against similar sophisticated exploits.

At Blockscope, we develop tools and technologies to safeguard your assets and empower individuals and organizations to take accountability. We remain committed to continuously enhancing our analytical capabilities and tools, actively contributing to a safer blockchain ecosystem for all stakeholders.

Investigation by: Tushar Tiwari, Analyst @ Blockscope

For more information, please reach out to us at [email protected]

Disclaimer: Best Effort Investigation

This investigation and its findings represent our best effort based on the information available at the time. However, please be aware of the following limitations:

  • The data used in this investigation may contain inaccuracies, omissions, or errors.

  • Information sources may be incomplete or subject to change.

  • New evidence may emerge that could alter the conclusions.

  • Analysis and interpretations are based on current understanding and may evolve.

We have made every reasonable attempt to ensure accuracy but cannot guarantee that all information is entirely correct or complete. This report should be considered a snapshot of our current knowledge and understanding, subject to revision as new information becomes available.
