Aztec Suffers Second $2.15M Exploit in a Week
Aztec鈥檚 deprecated bridge was exploited for $2.15M, the second attack in a week after a $2.1M theft from Aztec Connect. SlowMist identified a false rollup proof used to drain assets from immutable contracts, raising alarms about abandoned smart contract security.
Quick Take
Second exploit drained $2.15M in ETH, DAI, renBTC via false rollup proof.
First exploit took $2.1M from Aztec Connect on deprecated contracts.
Aztec Labs held no admin keys, unable to pause the contracts.
SlowMist urges asset migration from deprecated infrastructure.
Market Impact Analysis
BearishExploits on deprecated DeFi contracts raise security concerns and may erode confidence in similar infrastructure.
Speculation Analysis
Key Takeaways
- A false rollup proof tricked Aztec鈥檚 deprecated bridge into releasing $2.15M in crypto.
- The attack came just days after $2.1M was stolen from another Aztec contract, Aztec Connect.
- Aztec Labs could not pause the exploits because the contracts are immutable and the team holds no admin keys.
- SlowMist urges protocols to migrate assets from abandoned infrastructure to eliminate ongoing security risks.
What Happened
Aztec鈥檚 deprecated private rollup bridge lost $2.15M after an attacker submitted a false rollup proof, draining reserves of ETH, DAI, and renBTC. The Thursday night theft came four days after a separate exploit stole $2.1M from Aztec Connect, another abandoned contract. Aztec Labs confirmed the incident, noting that the contracts were deprecated in 2022 and 2023, and no admin keys exist, making it impossible to pause transactions. The immutability of these smart contracts left user funds stranded and vulnerable.
The Numbers
Across two exploits, attackers drained a combined $4.25M. The second attack removed 1,158 ETH, 150,000 DAI, and 0.46 renBTC, valued at approximately $2.15M. The first exploit, on Sunday, targeted Aztec Connect and netted $2.1M. Both contracts had been deprecated鈥攖he bridge in 2022 and Aztec Connect in March 2023. SlowMist鈥檚 post-mortem revealed the attacker used a bogus rollup proof to validate a withdrawal, exploiting a vulnerability in the abandoned infrastructure.
Why It Happened
The exploits stem from a single root cause: neglected smart contract security. Once Aztec deprecated these products, it stopped maintaining them, leaving inherited vulnerabilities unpatched. The immutable nature of Ethereum contracts meant no one could intervene during an attack. Hackers recognized this weakness, exploiting the false-proof bug to drain assets. The back-to-back incidents underscore a growing pattern鈥攄eprecated DeFi protocols are becoming honeypots for attackers, especially when legacy user funds remain locked in unmonitored contracts.
Broader Impact
The Aztec attacks amplify panic around abandoned DeFi infrastructure. Earlier in June, Raydium lost $1.3M in a similar exploit on deprecated code. These events are forcing a reckoning: projects must either migrate assets or risk bleeding more funds. SlowMist鈥檚 call for migration has become a rallying cry, but implementation remains spotty. Regulators may also take note, pushing for accountability when protocols leave user money in ghost contracts.
What to Watch Next
- Protocols with deprecated contracts holding assets will likely accelerate migration plans or face community backlash.
- More exploits may surface as copycat attackers probe other abandoned projects.
- Aztec鈥檚 development of a next-generation network could incorporate safeguards to prevent similar legacy risks.
This article is for informational purposes only and does not constitute financial advice.
Always late to trends?
Join for the latest news, insights & more.
Disclaimer: Bytewit is an independent media outlet that delivers news, research, and data.
漏 2026 Bytewit. All Rights Reserved. This article is for informational purposes only.
