---
title: "Aztec Hit by Second $2.1M Hack in Days as Bridge Drained"
date: 2026-06-18
author: "Kelvin Scott"
featured_image: "https://coinlaw.io/wp-content/uploads/2026/06/aztec-hit-by-second-2-1m-exploit.jpg"
categories:
  - name: "Cryptocurrency"
    url: "/crypto.md"
tags:
  - name: "News"
    url: "/tag/news.md"
---

# Aztec Hit by Second $2.1M Hack in Days as Bridge Drained

Aztec has suffered a second multimillion-dollar exploit in less than a week after attackers drained roughly $2.1 million from its deprecated Private Rollup Bridge.

## Key Takeaways

- Aztec’s Private Rollup Bridge was exploited for approximately $2.15 million to $2.16 million.
- The attack occurred just days after a separate $2.1 million exploit targeting Aztec Connect.
- Researchers say the attacker abused vulnerabilities in the bridge’s emergency escape hatch withdrawal mechanism.
- Aztec Labs stated the affected infrastructure was deprecated years ago and is not connected to the current Aztec Network or AZTEC token.

## What Happened?

Aztec has been hit by another security incident after an attacker exploited its deprecated **Private Rollup Bridge**, draining approximately **$2.15 million** worth of crypto assets. The incident comes less than a week after a [separate exploit targeted Aztec Connect](https://coinlaw.io/aztec-connect-exploit-drains-2-1m/), raising fresh concerns about the risks posed by legacy smart contracts that remain active on chain.

Security researchers from **SlowMist** and other blockchain security firms traced the exploit to the bridge’s emergency withdrawal mechanism, which allegedly allowed an attacker to manipulate proof data and withdraw funds that should not have been released.

> 🚨SlowMist TI Alert🚨[@aztecnetwork](https://x.com/aztecnetwork?ref_src=twsrc%5Etfw) has been exploited again.  
>   
> 💸 Loss: 1,158 ETH+150,000 DAI+0.4696 renBTC (~$2,209,704.23 USD)  
>   
> 🔍 Root Cause: The `RollupProcessor.escapeHatch()` function (`0x737901bea3eeb88459df9ef1be8ff3ae1b42a2ba`) lacks access control: no `onlyOwner`, no…
> 
> — SlowMist (@SlowMist\_Team) [June 18, 2026](https://x.com/SlowMist_Team/status/2067501141861232735?ref_src=twsrc%5Etfw)

## Second Exploit Hits Aztec Within Days

The latest attack targeted Aztec’s **Private Rollup Bridge**, a privacy-focused infrastructure product launched in 2021 and deprecated in 2022. Although the product was shut down years ago, its smart contracts remained operational because they were designed as **immutable contracts** that cannot be altered or upgraded.

According to security researchers, the attacker successfully drained approximately:

- **1,158 ETH**
- **150,000 DAI**
- **Around 0.47 to 0.5 renBTC**

The total value of the stolen assets was estimated at roughly **$2.15 million to $2.16 million** at the time of the exploit.

Researchers also noted that the wallet used in the exploit was initially funded with a small amount of ETH originating from crypto exchange **HitBTC** before the attack was executed.

## How the Attack Worked

Preliminary investigations from **SlowMist**, including analysis shared by co-founder Cos and founder Yu Xian, suggest the attacker exploited weaknesses within the bridge’s **escapeHatch** function.

The escape hatch was originally designed as an emergency tool that allowed users to withdraw assets directly from [Ethereum](https://coinlaw.io/ethereum-statistics/) if needed. However, researchers found that the function lacked critical verification checks.

According to the findings, the attacker was able to submit a **false rollup proof** and manipulate withdrawal-related parameters. The contract reportedly trusted specific transaction inputs without independently verifying ownership of the funds being withdrawn.

During brief periods when the escape mechanism was active, the attacker allegedly tricked the contract into releasing assets held by the bridge’s infrastructure.

Security firm **BlockSec** later said that both the recent Private Rollup Bridge exploit and the earlier Aztec Connect exploit were linked to what it described as **public input binding issues**, although the attack methods were not identical.
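The public input binding issue class that BlockSec names can be shown with a toy model. This is an added example, not Aztec's contract code or a reconstruction of either exploit; the HMAC-based `verify_proof` is a stand-in for a real proof verifier, and every name and value is constructed.

```python
import hashlib
import hmac

# Constructed stand-in for a proof system: an HMAC tag plays the role of a
# proof that is valid for exactly one public-input digest.
_DEMO_KEY = b"constructed-demo-key"


def public_input_digest(recipient: str, asset: str, amount: int) -> bytes:
    """Hash of the values a withdrawal proof is supposed to commit to."""
    return hashlib.sha256(f"{recipient}|{asset}|{amount}".encode()).digest()


def make_proof(digest: bytes) -> bytes:
    """Hypothetical prover: issues a proof for one digest."""
    return hmac.new(_DEMO_KEY, digest, hashlib.sha256).digest()


def verify_proof(proof: bytes, digest: bytes) -> bool:
    return hmac.compare_digest(proof, make_proof(digest))


def withdraw_unbound(proof, claimed_digest, recipient, asset, amount) -> bool:
    """Weak: the proof is checked against a caller-supplied digest, while the
    payout parameters arrive separately and are never compared to it."""
    return verify_proof(proof, claimed_digest)


def withdraw_bound(proof, recipient, asset, amount) -> bool:
    """Hardened: the digest is recomputed from the exact values to be paid
    out, so a proof for one withdrawal cannot authorize a different one."""
    return verify_proof(proof, public_input_digest(recipient, asset, amount))


def demo() -> dict:
    # Constructed sample: a proof legitimately issued for a 1-unit withdrawal.
    digest = public_input_digest("0xUSER", "ETH", 1)
    proof = make_proof(digest)
    return {
        "honest_bound": withdraw_bound(proof, "0xUSER", "ETH", 1),
        "altered_unbound": withdraw_unbound(proof, digest, "0xOTHER", "ETH", 1000),
        "altered_bound": withdraw_bound(proof, "0xOTHER", "ETH", 1000),
    }
```

The unbound variant accepts a valid proof alongside payout values the proof never covered; the bound variant rejects the same call because the digest it verifies is derived from those values.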

## Aztec Says Current Network Remains Unaffected

Following the exploit, **Aztec Labs** emphasized that the compromised infrastructure has no connection to the current **Aztec Network** or the **AZTEC token**.

The company explained that the affected bridge was deprecated years ago and operates as an immutable system. Because of its design, the team does not possess administrative keys and cannot pause transactions, upgrade the contracts, or directly intervene once vulnerabilities are discovered.

> We are investigating a potential exploit affecting a deprecated Aztec payments product from 2021. ~$2m was transferred from the immutable smart contract in transaction:<https://t.co/FS4JoNnfiJ>  
>   
> The deprecated product is an immutable stage 2 rollup that was sunset in 2022.…
> 
> — Aztec Labs (@AztecLabs\_) [June 18, 2026](https://x.com/AztecLabs_/status/2067511785637163354?ref_src=twsrc%5Etfw)

Aztec Labs also stressed that the incident is entirely separate from the current generation of network infrastructure under development.

The latest exploit follows another attack discovered on June 14 involving **Aztec Connect**, a privacy-focused rollup product that had already been deprecated in March 2023. That incident resulted in losses exceeding **$2.1 million**.

## Legacy Smart Contracts Under Fresh Scrutiny

The back-to-back exploits have renewed debate around the [security risks posed by deprecated smart contracts](https://coinlaw.io/smart-contract-security-risks-and-audits-statistics/) that continue to hold user assets.

Risk analysis platform **Blockful** warned that old smart contracts can effectively become ongoing targets for hackers when active maintenance and oversight end.

Security experts argue that even when protocols discontinue products, immutable contracts containing legacy funds may continue to present attractive attack opportunities. SlowMist recommended that projects carrying assets in deprecated contracts consider structured asset migration plans to reduce long-term exposure.

The incident also adds to a growing list of bridge-related security breaches across the crypto industry. Reports indicate that bridge exploits have already caused more than **$340 million** in losses this year alone, highlighting the continued challenges facing [decentralized finance security](https://coinlaw.io/cybersecurity-in-cryptocurrency-statistics/).

## CoinLaw’s Takeaway

In my experience, these incidents show that a protocol’s greatest security risk is not always its newest technology but sometimes its oldest infrastructure. Even when products are officially discontinued, dormant contracts holding valuable assets can remain attractive targets for attackers. I found the Aztec case particularly notable because both exploits occurred within days of each other and involved infrastructure that had already been retired. The broader lesson for the crypto industry is clear: deprecating a product does not automatically eliminate its security risks if funds remain locked inside immutable contracts.
