The world of decentralized finance (DeFi) has been rocked by yet another exploit, this time affecting the real-world asset (RWA) re-staking protocol Zoth. The platform, which allows users to stake their crypto assets and earn rewards, suffered a security breach resulting in over $8.4 million in losses. The incident has raised concerns about the security of DeFi protocols and the need for better protection measures.

The hack was first flagged by blockchain security firm Cyvers on March 21, when a suspicious transaction was detected on the Zoth platform. According to Cyvers, the protocol’s deployer wallet was compromised, and the attacker was able to withdraw millions of dollars worth of crypto assets. Within minutes, the stolen funds were converted into the stablecoin DAI and transferred to a different address.

In response to the incident, Zoth immediately put its website on maintenance mode and confirmed the security breach in a notice to its users. The platform is currently working to resolve the issue and has promised to release a detailed report once its investigation is completed. The team has also collaborated with its partners to mitigate the impact of the hack and recover the stolen funds.

However, the attackers have already moved the funds and swapped them into Ether (ETH), according to blockchain security firm PeckShield. This highlights the need for better security measures in DeFi protocols to prevent such attacks from happening in the future.

The Cyvers team believes that the hack was likely caused by a leak in admin privileges, which allowed the attacker to upgrade a Zoth contract to a malicious version. This gave them full control over user funds, bypassing the platform’s security mechanisms. The team suggests implementing multisig contract upgrades, timelocks, and real-time alerts for admin role changes to prevent such attacks.

Despite the potential for prevention, the security professional also believes that admin key compromises remain a major risk in the DeFi ecosystem. Without decentralized upgrade mechanisms, attackers will continue to target privileged roles to take over protocols. This highlights the need for better key management and security measures in the DeFi space.

As the DeFi industry continues to grow and attract more users, it is crucial for protocols to prioritize security and implement robust protection measures. Otherwise, incidents like the Zoth hack will continue to occur, damaging the trust and credibility of the DeFi space.