Gate Research: Security Incident Summary for March 2025

4/7/2025, 5:20:37 AM
Gate Research: In March 2025, the Web3 industry experienced eight security incidents, resulting in total losses of $14.43 million—a significant decrease compared to the previous month. The majority of attacks involved smart contract vulnerabilities and account compromises, accounting for 62.5% of all crypto-related incidents during the period. Major cases included a $5 million exploit targeting 1inch (with 90% of the stolen funds recovered) and two separate attacks on Zoth involving a contract flaw and a private key leakage, leading to combined losses of $8.575 million. In terms of blockchain distribution, only one project this month reported losses on the public blockchain BSC.

Gate Research’s latest Web3 industry security report, based on data from SlowMist, recorded eight security incidents in March 2025, resulting in total losses of approximately $14.43 million. The incidents varied in type, with account hacks and smart contract vulnerabilities accounting for the majority, 62.5% of the total. The report provides detailed analysis of key events, including the smart contract vulnerability attack on 1inch and the Zoth incident involving contract flaws and private key leakage. Account breaches and contract vulnerabilities have been identified as the primary security threats for the month, underscoring the ongoing need for enhanced security measures across the industry.

Abstract

  • In March 2025, the Web3 industry experienced eight security incidents, resulting in total losses of $14.43 million—a significant decrease compared to the previous month.
  • Most of these incidents involved attack methods such as smart contract vulnerabilities and account breaches, which together accounted for 62.5% of all security cases in the crypto industry.
  • Major incidents this month included a smart contract vulnerability exploit targeting 1inch (resulting in $5 million in losses, of which 90% have been recovered) and two separate attacks on Zoth—one involving a contract vulnerability and the other a private key leak—leading to a combined loss of $8.575 million.
  • Regarding blockchain distribution, only one project suffered losses on the public chain BSC this month.

Security Incident Overview

According to data from SlowMist, eight security incidents were recorded between March 1 and March 30, 2025, resulting in total losses of approximately $14.43 million. The attacks primarily involved smart contract vulnerabilities, account compromises, and other exploit methods. Compared to February 2025, the total loss dropped by 99% month-over-month. Smart contract flaws and hacked accounts were the leading causes of these attacks, with five such incidents accounting for 62.5% of the total. Official X (formerly Twitter) accounts remain key targets for hackers.[1]

This month, the only security incident on a public blockchain occurred on BSC, where Four.meme suffered losses of over $180,000. This highlights the need for ongoing improvements in smart contract auditing, risk control mechanisms, and on-chain monitoring within the BSC ecosystem.

Several blockchain projects faced major security breaches this month, resulting in significant financial damage. Among the most notable was the RWA staking platform Zoth, which suffered two separate attacks: one involving an account compromise that led to $8.29 million in losses, and another due to a smart contract vulnerability that caused $285,000 in damages. Additionally, the DEX aggregator 1inch lost $5 million due to a contract vulnerability.

Major Security Incidents in March

According to official disclosures, over $13.5 million in losses were reported from key security breaches in March. The primary threats were private key leakages and smart contract vulnerabilities.

  • 1inch: Attackers exploited a vulnerability in the outdated Fusion v1 contract, stealing around $5 million in USDC and wETH. The funds were taken from resolvers, not directly from end-user wallets.
  • The RWA staking platform Zoth suffered two security incidents in March: on March 6, a collateral calculation flaw resulted in a loss of approximately $285,000; on March 21, a hacker gained admin privileges and upgraded the contract to a malicious version, stealing around $8.29 million worth of USD0++, which was eventually converted into 4,223 ETH.

1inch

Project Overview: 1inch is a decentralized exchange (DEX) aggregator that uses smart algorithms to identify optimal trading routes across multiple DEXs, improving trading efficiency and capital usage. According to its official website, 1inch has integrated over 3.2 million liquidity sources, facilitated more than $596 billion in cumulative trade volume, and served over 21.7 million users through more than 134 million transactions.[2]

Incident Overview:

On March 5, a vulnerability in the legacy Fusion v1 smart contract led to the loss of approximately $5 million. The attacker crafted a specific transaction path that invoked functions in the outdated contract to transfer funds from resolvers rather than from individual users; the assets drained were USDC and wETH. Post-incident investigations confirmed that the vulnerability existed only in the outdated smart contracts. The current version of the protocol does not contain this vulnerability.

According to a post-incident analysis by Decurity, the 1inch team entered negotiations with the attacker. Currently, around 90% of the stolen funds have been recovered, with the remainder retained by the attacker as a bug bounty. The attack mainly affected legacy resolvers that hadn’t been upgraded. No direct user assets were impacted, and no significant outflow from user wallets was detected. This incident highlighted the critical need to deprecate and upgrade outdated contracts in a timely manner.[3][4][5]

Post-Incident Recommendations:

  • Strengthen Legacy Contract Management and Access Controls: Deprecated smart contracts (such as Fusion v1) should be fully decommissioned, with permissions frozen or forcibly migrated, to eliminate potential attack surfaces left for backward compatibility. Access control logic should also be improved by verifying call sources and enforcing stricter permission checks to prevent exploitation through unintended call paths.
  • Improve Audit Processes and Coverage: Peripheral modules related to core contracts (e.g., resolvers) should be included in formal audit scopes, with clearly defined risk boundaries for each component. Any structural refactoring, language upgrades, or interface changes should trigger re-auditing processes, and historical risk assessments for legacy versions should be retained.
  • Build Real-Time Monitoring and Emergency Response Systems: On-chain security monitoring systems should be deployed to detect real-time abnormal transaction behavior. A rapid response mechanism—such as permission freezing, emergency communication channels, and rollback strategies—should be in place to minimize the time window for asset loss.
  • Establish Incentive Mechanisms to Encourage White-Hat Collaboration: Bug bounty programs and responsible disclosure agreements with gray-hat hackers can incentivize ethical reporting of vulnerabilities, contributing to a stronger overall security posture for the project.

Zoth

Project Overview: Zoth is an Ethereum-based RWA restaking platform that bridges traditional finance and the DeFi ecosystem through asset tokenization. It allows users to stake compliant real-world assets to earn on-chain yields and participate in restaking mechanisms for greater capital efficiency. According to its official website, Zoth has a total value locked (TVL) of $35.4 million and over $250 million in registered assets—demonstrating its strong presence at the intersection of on-chain and traditional financial systems. The platform continues to expand its restaking ecosystem through partnerships with RWA issuers and liquidity protocols.[6]

Incident Overview:

In March 2025, Zoth experienced two major security breaches, resulting in total losses of approximately $8.575 million.

  • March 6: A design flaw in Zoth’s collateral logic allowed attackers to exploit imprecise calculations in the contract’s collateral valuation process. The attacker bypassed collateral validation checks by repeatedly invoking specific functions and extracted roughly $285,000 in excess funds. This incident revealed weaknesses in how the contract handled asset valuation, collateral ratio thresholds, and boundary conditions.
  • March 21: Zoth was targeted again in a highly coordinated and premeditated attack. After several failed attempts, the attacker successfully gained control of the deployer account and used it to upgrade the protocol via a proxy contract to a malicious version. This upgrade gave the attacker full control over the contract logic, enabling them to drain isolated vaults containing collateralized USD0++ tokens. The attacker stole approximately 845 million USD0++, which they quickly swapped to DAI and converted into 4,223 ETH—equivalent to around $8.29 million.
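To make the class of flaw described for March 6 concrete, here is an added illustration that is not Zoth's code and does not reproduce its actual contract: a simplified collateral-ratio check written in Python with Solidity-style integer arithmetic. The unsafe valuation divides the debt by the token's scale before multiplying by its price, so the fractional part of the debt is dropped from the check and repeated sub-unit borrows pass a test they should fail; the hardened version multiplies first and rounds the debt value up, in the protocol's favour. The prices, amounts, and the 150% threshold are constructed for the example.

```python
"""Collateral-ratio check: a precision flaw next to its hardened form.

Hypothetical simplification of the vulnerability class, not Zoth's code.
Amounts use 18-decimal fixed point (wad), as most ERC-20 tokens do.
"""
from collections.abc import Callable
from dataclasses import dataclass

WAD = 10**18            # 1.0 in 18-decimal fixed point
BPS = 10_000            # basis-point denominator
MIN_RATIO_BPS = 15_000  # 150% minimum collateralisation (constructed)


def ceil_div(a: int, b: int) -> int:
    """Integer division rounded towards +infinity (a >= 0, b > 0)."""
    return -(-a // b)


@dataclass
class Position:
    collateral_amt: int    # collateral tokens held (wad)
    collateral_price: int  # quote currency per collateral token (wad)
    debt_amt: int          # borrowed tokens owed (wad)
    debt_price: int        # quote currency per borrowed token (wad)


Valuer = Callable[[Position], int]


def collateral_value(p: Position) -> int:
    # Rounding down is the conservative direction for what the user holds.
    return p.collateral_amt * p.collateral_price // WAD


def debt_value_unsafe(p: Position) -> int:
    # Divides before multiplying: 2.999999 tokens of debt count as 2.
    return (p.debt_amt // WAD) * p.debt_price


def debt_value_safe(p: Position) -> int:
    # Multiply first, then round UP so the debt is never understated.
    return ceil_div(p.debt_amt * p.debt_price, WAD)


def is_healthy(p: Position, debt_value: Valuer) -> bool:
    # collateral / debt >= 150%  <=>  collateral * BPS >= debt * MIN_RATIO_BPS
    # (cross-multiplied so no division happens in the comparison itself)
    return collateral_value(p) * BPS >= debt_value(p) * MIN_RATIO_BPS


def try_borrow(p: Position, amount: int, debt_value: Valuer) -> bool:
    """Apply the borrow only if the resulting position passes the check."""
    candidate = Position(p.collateral_amt, p.collateral_price,
                         p.debt_amt + amount, p.debt_price)
    if not is_healthy(candidate, debt_value):
        return False
    p.debt_amt = candidate.debt_amt
    return True


def simulate(debt_value: Valuer, rounds: int = 10) -> tuple[int, int]:
    """Borrow 0.999999 tokens per call, repeatedly.

    Returns (calls accepted, true debt value at the end). Constructed
    numbers: 1 collateral token priced at 2000, borrowing a token priced
    at 500, so the honest borrow limit is 2000 / 1.5 = 1333.33 quote units.
    """
    p = Position(collateral_amt=1 * WAD, collateral_price=2_000 * WAD,
                 debt_amt=0, debt_price=500 * WAD)
    dust = WAD - 10**12  # 0.999999 tokens: just under one whole unit
    accepted = sum(try_borrow(p, dust, debt_value) for _ in range(rounds))
    return accepted, debt_value_safe(p)


if __name__ == "__main__":
    for name, valuer in (("unsafe", debt_value_unsafe), ("safe", debt_value_safe)):
        n, true_debt = simulate(valuer)
        print(f"{name}: {n} borrows accepted, true debt {true_debt / WAD:.4f} "
              f"vs limit {2000 / 1.5:.2f}")
```

With the unsafe valuer the third dust borrow is accepted and the position ends at roughly 1,500 quote units of debt against a 1,333 limit; the safe valuer stops at two. The excess is bounded by one whole unit of the borrowed token, which is why truncation bugs of this kind are most damaging for high-priced or low-decimal assets and why the fix is to multiply before dividing and to round every protocol-side quantity against the caller.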

Following the incidents, the Zoth team immediately activated its emergency response protocol and partnered with blockchain security firm Crystal Blockchain BV to conduct an investigation. They also worked closely with asset issuer partners to secure approximately 73% of the platform’s TVL. In a public statement, Zoth announced a $500,000 bug bounty program to incentivize information that could help recover the stolen funds.

As of March 31, the stolen assets remain largely unmoved and are concentrated in two wallet addresses (holding a total of 4,223 ETH). The team has deployed on-chain monitoring systems and collaborates with global blockchain analytics firms, Web2 platforms, and law enforcement agencies to trace the attacker’s movements. Zoth has committed to releasing a full postmortem report and a recovery and rebuild plan once the investigation is complete.[7][8][9]

Post-Incident Recommendations:

  • Strengthen Core Privilege and Upgrade Management: This incident stemmed from the compromise of the deployer’s private key, which allowed a malicious contract upgrade—revealing critical weaknesses in privilege control and the upgrade process. Going forward, it is recommended to adopt multi-signature wallets, implement layered access permissions, establish upgrade whitelisting mechanisms, and enforce on-chain governance or security audit procedures to ensure upgrade safety.
  • Implement Real-Time Monitoring and Automated Risk Controls: The rapid outflow of funds indicated a lack of timely detection. The platform should deploy real-time transaction monitoring, attack alert systems, and asset freezing mechanisms on-chain to reduce the response window in future attacks.
  • Improve Asset Custody and Access Control Logic: The successful withdrawal from isolated vaults suggests insufficient access control within the custody mechanism. To ensure key asset contracts are protected by multiple layers of risk controls, dynamic call restrictions, abnormal behavior detection, and transaction path validation should be introduced.
  • Institutionalize Emergency Response and Cross-Team Collaboration: The team responded quickly by coordinating with security firms and law enforcement, issuing progress updates, and launching a bounty program—effectively stabilizing the situation. For future incidents, a standardized emergency response protocol should be adopted, covering five key stages: monitoring, alerting, freezing, investigation, and communication, with a commitment to ongoing transparency.
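The monitoring and upgrade-control recommendations made for both 1inch and Zoth above can be expressed as a small set of detection rules. The following is an added example, not code from either project: a rule-based monitor in Python that consumes decoded log events and raises alerts when a proxy is upgraded to an implementation outside an audited allowlist, when a privileged role changes hands, or when a monitored vault sends out more than a threshold within a sliding block window. The addresses, thresholds, allowlist, and event stream are all constructed placeholders.

```python
"""Rule-based alerting for proxy upgrades, admin changes and vault outflows.

Added example with constructed events; the addresses, thresholds and
allowlist are placeholders, not values from the incidents above.
"""
from collections import deque
from dataclasses import dataclass, field

# Allowlist of audited implementation addresses (placeholder values).
APPROVED_IMPLEMENTATIONS = {"0xIMPL_V2_AUDITED"}
# Vault addresses whose outbound token transfers are rate-limited.
MONITORED_VAULTS = {"0xVAULT_USD0PP"}
OUTFLOW_LIMIT = 1_000_000   # quote units permitted per window (constructed)
WINDOW_BLOCKS = 20          # sliding window length in blocks (constructed)


@dataclass
class Event:
    """One decoded log entry: block, emitting contract, event name, args."""
    block: int
    emitter: str
    name: str
    args: dict


@dataclass
class Monitor:
    alerts: list = field(default_factory=list)
    # per-vault sliding window of (block, amount) outflows
    windows: dict = field(default_factory=dict)

    def handle(self, ev: Event) -> None:
        if ev.name == "Upgraded":
            impl = ev.args["implementation"]
            if impl not in APPROVED_IMPLEMENTATIONS:
                self.alerts.append(
                    f"CRITICAL block {ev.block}: {ev.emitter} upgraded to "
                    f"unapproved implementation {impl}; freeze and verify")
        elif ev.name in ("AdminChanged", "OwnershipTransferred"):
            self.alerts.append(
                f"CRITICAL block {ev.block}: privileged role on {ev.emitter} "
                f"moved from {ev.args['previous']} to {ev.args['new']}")
        elif ev.name == "Transfer" and ev.args["from"] in MONITORED_VAULTS:
            self.check_outflow(ev)

    def check_outflow(self, ev: Event) -> None:
        vault = ev.args["from"]
        window = self.windows.setdefault(vault, deque())
        window.append((ev.block, ev.args["value"]))
        # drop entries that fell outside the sliding window
        while window and window[0][0] <= ev.block - WINDOW_BLOCKS:
            window.popleft()
        total = sum(v for _, v in window)
        if total > OUTFLOW_LIMIT:
            self.alerts.append(
                f"HIGH block {ev.block}: {vault} sent {total} in the last "
                f"{WINDOW_BLOCKS} blocks (limit {OUTFLOW_LIMIT}); pause withdrawals")


def run(events: list) -> list:
    """Feed events in block order and return the alerts raised."""
    mon = Monitor()
    for ev in sorted(events, key=lambda e: e.block):
        mon.handle(ev)
    return mon.alerts


# Constructed sample stream: a legitimate audited upgrade, then an ownership
# change, an upgrade to an unknown implementation and a burst of outflows.
SAMPLE_EVENTS = [
    Event(100, "0xPROXY", "Upgraded", {"implementation": "0xIMPL_V2_AUDITED"}),
    Event(150, "0xPROXY", "OwnershipTransferred",
          {"previous": "0xDEPLOYER", "new": "0xUNKNOWN_EOA"}),
    Event(151, "0xPROXY", "Upgraded", {"implementation": "0xIMPL_UNKNOWN"}),
    Event(152, "0xTOKEN", "Transfer",
          {"from": "0xVAULT_USD0PP", "to": "0xUNKNOWN_EOA", "value": 400_000}),
    Event(153, "0xTOKEN", "Transfer",
          {"from": "0xVAULT_USD0PP", "to": "0xUNKNOWN_EOA", "value": 400_000}),
    Event(154, "0xTOKEN", "Transfer",
          {"from": "0xVAULT_USD0PP", "to": "0xUNKNOWN_EOA", "value": 400_000}),
]

if __name__ == "__main__":
    for line in run(SAMPLE_EVENTS):
        print(line)
```

In a real deployment the event stream would come from a node's log subscription and the CRITICAL alerts would feed an automated response, such as a guardian role pausing withdrawals, rather than only a notification channel. The ordering of the rules matters: an ownership change followed by an upgrade is exactly the sequence that precedes a malicious implementation draining a vault, so a single alert on the admin change already buys response time before the outflow threshold trips.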

Summary

In March 2025, multiple DeFi projects suffered security breaches, resulting in tens of millions of dollars in losses. Two notable incidents—the smart contract vulnerability exploit on 1inch and the privilege escalation attack on Zoth—again highlighted systemic risks such as legacy contract exposure, centralized admin privileges, flawed upgrade mechanisms, and insufficient risk response frameworks. While 1inch managed to recover most of the stolen funds through prompt negotiation with the attacker, and Zoth acted swiftly to initiate cross-team collaboration and safeguard 73% of its assets, both cases revealed areas for improvement in governance structures, access control, security auditing, and real-time monitoring across many DeFi protocols.

These incidents underscore the importance of implementing on-chain monitoring systems, automated asset freezing mechanisms, and incentive structures for gray-hat disclosures. For DeFi projects to maintain long-term user trust, security must be treated as a foundational design element from the outset—not as an afterthought. Gate.io reminds users to stay informed about security developments and actively protect their personal assets.


References:

  1. SlowMist, https://hacked.slowmist.io/
  2. 1inch, https://1inch.io/
  3. X, https://x.com/SlowMist_Team/status/1897958914114879656
  4. Decurity, https://blog.decurity.io/yul-calldata-corruption-1inch-postmortem-a7ea7a53bfd9
  5. X, https://x.com/PeckShieldAlert/status/1906894141193376021
  6. Zoth, https://zoth.io/
  7. X, https://x.com/zothdotio/status/1906343855181701342
  8. X, https://x.com/CyversAlerts/status/1903021017460600885
  9. X, https://x.com/PeckShieldAlert/status/1903040662829768994



Gate Research
Gate Research is a comprehensive blockchain and cryptocurrency research platform that delivers in-depth content. This includes technical analysis, hot topic insights, market reviews, industry research, trend forecasts, and macroeconomic policy analysis.


Disclaimer
Investing in the cryptocurrency market involves high risk, and it is recommended that users conduct independent research and fully understand the nature of the assets and products they are purchasing before making any investment decisions. Gate.io is not responsible for any losses or damages caused by such investment decisions.

Author: Shirley
Translator: Sonia
Reviewer(s): Addie, Evelyn, Mark
Translation Reviewer(s): Ashley, Joyce
* The information is not intended to be and does not constitute financial advice or any other recommendation of any sort offered or endorsed by Gate.
* This article may not be reproduced, transmitted or copied without referencing Gate. Contravention is an infringement of the Copyright Act and may be subject to legal action.

