QUADRIGA INITIATIVE
CRYPTO WATCHDOG & FRAUD RECOVERY PLATFORM
A COMMUNITY-BASED, NOT-FOR-PROFIT
$285 000 USD
MARCH 2025
GLOBAL
ZOTH.IO
DESCRIPTION OF EVENTS
Zoth.io is the world’s first restaking layer purpose-built for Real-World Assets (RWAs), aiming to bridge the gap between traditional finance (TradFi) and decentralized finance (DeFi). It is designed to break down institutional barriers while simplifying access for retail users, thereby enabling a scalable, community-first RWAFi (Real-World Asset Finance) ecosystem. Through its permissionless infrastructure and composable financial instruments, Zoth transforms dormant RWAs into yield-generating opportunities.
Zoth.io is featured in industry-leading platforms such as Messari, and has rapidly gained traction with over $250 million in assets originated, $35.4 million in total value locked (TVL), and a community of over 1 million strong. The platform has active integrations across 7+ blockchain networks and is trusted by names like Chainlink, Ripple, Manta, Metis, and more, highlighting its robust ecosystem and credibility.
Zoth.io is transparent in its operations, supported by a comprehensive documentation suite and a focus on institutional-grade security. It ensures users can safely deposit high-quality on-chain and off-chain assets such as U.S. Treasury Bills and ETFs into collateral vaults. These assets are used to mint ZeUSD, a fully composable, permissionless, and omnichain stable token designed to unlock DeFi and RWAfi use cases.
Zoth.io is built to #ScaleRWAFi by supercharging the utility of real-world assets. Its infrastructure allows users to re-stake assets to generate rewards, access liquidity across chains, and benefit from permissionless but compliant issuance. ZeUSD can seamlessly integrate with DeFi platforms, DEXs, and liquidity pools, making it a versatile tool for yield generation and financial innovation.
Zoth.io is offering institutional-grade investment products via ZothFI, including ZTLN-P (Zoth Tokenized Liquid Notes Prime) offering up to 4–5% APY and ZSTF (Zoth Secured Trade Finance) offering up to 12% APY. These products are designed to appeal to accredited and institutional investors seeking low-risk, high-quality fixed-income portfolios without long lock-in periods.
Zoth.io is deeply community-driven, with vibrant participation across platforms like X (260K), Discord (180K), and Telegram (106K). It continues to make headlines, with milestones like launching ZeUSD, joining Ripple’s accelerator program, and partnering with institutions such as Plume, Singularity Finance, and Chainlink.
Zoth.io is shaping the future of onchain finance by providing the infrastructure necessary to tokenize trillions in untapped RWAs and integrate them seamlessly into DeFi. By combining robust financial tools with permissionless access and institutional credibility, Zoth is laying the foundation for a truly inclusive financial future.
The exploit on Zoth occurred due to a critical logic flaw in the smart contract’s mintWithStable() function, which is responsible for minting ZeUSD—a stablecoin—when users deposit other stablecoins like USDC. The function is designed to swap the deposited stablecoins for collateral (e.g., wrapped tokens like wM) and use the received collateral's value to determine how much ZeUSD the user can mint, based on predefined Loan-to-Value (LTV) rules. However, the vulnerability stemmed from the contract validating the LTV using the original deposit amount rather than the actual amount of collateral received after the swap.
The attacker exploited this flaw by first manipulating a Uniswap V3 liquidity pool, which distorted the swap rates. When the attacker deposited stablecoins via mintWithStable(), the manipulated pool caused the swap to return significantly fewer collateral tokens than expected—just 7,669 tokens. Despite this, the contract mistakenly calculated as if the attacker had received 330,979 collateral tokens, due to its reliance on the original deposit amount instead of the real collateral amount.
With this inflated collateral assumption, the attacker was allowed to mint a disproportionately large amount of ZeUSD. Later, they burned the minted ZeUSD to withdraw the falsely recorded collateral, essentially draining real assets from the protocol without ever depositing enough value to back them. This exploit netted the attacker approximately $285,000 and showcased the importance of post-swap validation and slippage checks in DeFi smart contracts.
The root cause was not a failure in swapping or token transfers, but in the logic that blindly trusted pre-swap values. Without verifying the outcome of the swap (i.e., how much collateral was actually received), the system granted excessive credit, leaving it wide open to manipulation.
"The attacker exploited a logic flaw in the LTV (Loan-To-Value) validation within the mintWithStable() function. The attacker manipulated Uniswap V3 liquidity pools to exploit an incorrect calculation of collateral received after a swap, allowing them to mint ZeUSD without depositing sufficient collateral."
"The root cause of the exploit was a logic flaw in the Loan-to-Value (LTV) validation within the mintWithStable() function, which incorrectly used the user's deposit amount instead of the actual collateral received after the swap, allowing the attacker to manipulate Uniswap V3 liquidity and mint ZeUSD without sufficient backing."
"The mintWithStable() function enables users to deposit stablecoins (e.g., USDC) to receive ZeUSD. Internally, these stablecoins are swapped for collateral (e.g., wM tokens), and the amount of collateral received is used to determine how much ZeUSD can be minted based on LTV rules."
"The Loan-to-Value (LTV) ratio is supposed to ensure users mint ZeUSD only up to a certain percentage of the collateral deposited."
"The mintWithStable() function calls _mint(), which relies on ISubVault(subvault).handleDeposit() to deposit stablecoins and swap them for the required collateral. However, the validation logic contained a critical flaw."
"LTV was validated using amount (the initial stablecoin deposit) instead of the actual collateral received (collateralReceived) after the swap. As the attacker manipulated the Uniswap V3 pool, the swap would return far fewer collateral tokens than expected. However, the contract would still assume full collateralization based on amount."
"The contract did not enforce slippage tolerance or post-swap collateral validation, meaning that even if the swap resulted in fewer collateral tokens than expected, the system blindly assumed full collateralization and credited the attacker with an inflated collateral value. The metadata storage also recorded an inflated collateral value, allowing the attacker to later withdraw an amount of collateral that was never actually deposited."
"The validateAndPrepareDeposit() function in _mint()failed to verify the LTV correctly. It blindly assigned metadata.zeusdMinted, enabling the attacker to mint more ZeUSD than they should have."
"As a result, the attacker was able to mint significantly more ZeUSD than they were entitled to, despite not having sufficient collateral backing."
"The attacker manipulated the Uniswap V3 pool to distort the swap rates. This caused the swap to return far fewer collateral tokens than expected.
They then called mintWithStable(), depositing stablecoins, but due to the manipulated swap, they received only 7,669 collateral tokens while the system incorrectly recorded 330,979 as collateral.
Since the LTV validation used the incorrect amount, the attacker was able to mint ZeUSD as if they had provided 330,979 collateral tokens instead of the actual 7,669.
Finally, the attacker burned ZeUSD to withdraw the recorded 330,979 collateral tokens, profiting $285k from the mismatch."
Widely reported as $285k.
It does not appear that the exploit was widely reported on. Only a few individuals made analysis of the transaction.
Zoth.io is the world’s first restaking layer focused on Real-World Assets (RWAs). With a community of over 1 million users, $250M in assets originated, and $35.4M TVL, Zoth offers permissionless infrastructure, composable financial tools, and stablecoin ZeUSD—backed by tokenized assets like U.S. Treasury Bills. However, a logic flaw in the mintWithStable() function allowed an attacker to exploit a miscalculated Loan-to-Value (LTV) ratio. By manipulating Uniswap V3 pools, they received far fewer collateral tokens than expected but were mistakenly credited for the full deposit amount, enabling the minting of unbacked ZeUSD. This resulted in a $285,000 exploit due to missing post-swap validations and reliance on pre-swap values. This exploit does not appear to have been widely reported.
HOW COULD THIS HAVE BEEN PREVENTED?
Proper validation using real-time data, oracle integration, and stricter LTV checks would have likely prevented this exploit.
Zoth - Rekt (Apr 17)
Zoth Homepage (Apr 17)
First Attack Transaction Profits 286,902.019393 USDC - Etherscan (Apr 17)
Zoth Hack Analysis - SolidityScan (Apr 17)
Zoth.io - "ZeUSD is now LIVE for EVERYONE. After $28M+ issued during beta and our exclusive pre-deposit phase, ZeUSD is now open for public access on Atlas." - Twitter/X (Apr 17)
Decentralized Intelligence AG - "An attacker made 130.6222 ETH ($285,927.84 USD) 9 days ago with blockchain transaction" - Twitter/X (Apr 22)
Liyi Zhou - "A deep dive into a recent DeFi exploit that drained ~$285K, in just 10 mins." - Twitter/X (Apr 22)
Analyzing a DeFi Exploit Transaction - Claude AI (Apr 22)
https://x.com/zothdotio/status/1895872365034422771 (Apr 22)
Zoth RWA restaking platform hacked (Apr 29)
