Blockchain security firm SlowMist has issued an urgent security alert following a major exploit affecting Zoth
According to a post on X, the attack was likely caused by a leakage of administrative privileges, allowing hackers to manipulate the project’s logic contract.
The attackers successfully tampered with and replaced the contract with a malicious version, giving them control over certain transactions.
Security researcher @0xtroll was credited for highlighting the breach, as SlowMist urged the crypto community to remain vigilant against similar attacks.
The incident underscores the growing risks associated with smart contract vulnerabilities and the importance of robust security measures in decentralized finance (DeFi).
Hackers Drain Over $8.45 Million in Exploit
On-chain transaction data reveals that the attackers drained approximately 8,851,750 tokens, valued at over $8.45 million, from the compromised Zoth contract.
The transaction hash associated with the exploit confirms the large-scale unauthorized transfer of funds to an external wallet, 0x3b33…7d01E5.
The transaction was processed through Flashbots, a tool used to execute transactions privately, making it more difficult for defenders to react in real time.
Also Read: SlowMist Warns of Phishing Threats by Scammers Disguised as Zoom Meeting Links
The incident suggests that the attackers were highly sophisticated, leveraging advanced blockchain tools to bypass security protocols and execute the breach undetected until it was too late.
Exploit Rooted in Smart Contract Manipulation
Further analysis of the exploit indicates that the attackers inserted a malicious function within the smart contract, allowing them to execute unauthorized withdrawals.
Code snippets from the breach reveal an altered withdraw() function, which enabled the hacker’s address (0x3b33c….67d01E5) to siphon funds from the protocol.
The vulnerability was likely introduced by either compromised admin credentials or a backdoor in the smart contract.
Notably, the contract’s validation checks were manipulated, making it possible for attackers to transfer large sums of tokens without triggering security alerts.
These tactics highlight the sophisticated nature of the exploit and the ongoing risks posed by contract-level vulnerabilities in DeFi projects.
Also Read: SlowMist’s Founder Warns, Without 2FA, Privy-Based Wallets Are At Risk Of Losing All Assets
Security Experts Urge Caution Amid Rising DeFi Threats
In light of this exploit, security experts are advising crypto investors and developers to implement multi-signature authentication, conduct frequent smart contract audits, and restrict admin privileges to trusted personnel.
The breach serves as another stark reminder of the vulnerabilities that persist within the DeFi space, where projects handling millions in digital assets remain prime targets for cybercriminals.
SlowMist’s rapid response in detecting the exploit demonstrates the critical role that blockchain security firms play in mitigating risks, but investors and platforms alike must adopt stronger safeguards to prevent future attacks.
As the investigation continues, affected users and stakeholders are urged to monitor updates and take necessary precautions to secure their assets.
SlowMist Identifies Additional Security Threats in the Crypto Space
Beyond the Zoth breach, SlowMist has recently uncovered several other pressing security threats in the crypto industry.
The firm warned crypto users about malicious Chrome extensions being used to hijack browsing traffic, potentially redirecting users to phishing sites.
Additionally, it raised concerns over “address poisoning” scams on the EOS blockchain, where attackers create fraudulent wallet addresses that closely mimic legitimate ones to trick users into sending funds to the wrong accounts.
In another case, SlowMist discovered that hackers exploited an outdated smart contract on 1inch, draining $5 million in crypto.
These discoveries emphasize the urgent need for continuous security vigilance and proactive risk management in the evolving DeFi landscape.