Zoth lost about $8.4 million after an attacker used compromised admin privileges to upgrade the USD0PPSubVaultUpgradeable proxy contract and drain funds. The attack withdrew 8.85 million USD0++ tokens, converted them to DAI, and transferred the proceeds away within minutes, according to blockchain traces cited by SlowMist, Cyvers, Securrtech, and others. The excerpt does not support North Korean, Lazarus, or other state-linked attribution; it frames the incident as a DeFi key-management and privileged-access failure. The same protocol had suffered a separate $285,000 exploit three weeks earlier involving Uniswap V3 liquidity-pool manipulation and LTV validation logic. The incident matters because it shows how a single compromised deployer or admin wallet can turn upgrade authority into immediate protocol-wide fund loss.