Aztec Network suffers another attack within three days, with approximately $2.21 million stolen.
AMBCrypto
06-18 21:21
Aztec Network was attacked for the second time in three days, with approximately $2.21 million in digital assets stolen. The issue points to a lack of access control and verification in the emergency withdrawal mechanism.

Aztec Network has suffered another security incident. Attackers exploited a flaw in the protocol's emergency withdrawal mechanism to transfer approximately $2.21 million in digital assets from the RollupProcessor contract. The transferred assets included 1,158 ETH, 150,000 DAI, and 0.4696 renBTC.

The problem lies in the emergency withdrawal function.

The core of this attack lies in RollupProcessor.escapeHatch(). This function was originally intended to provide users with an emergency exit channel when the regular Rollup process fails.

However, the article states that this path lacks several key security restrictions, including authorization checks on the Rollup provider, restrictions on owner-only calls, and signature verification. As a result, any external address can call this emergency path.

Withdrawal completed after forging a proof

The attacker exploited the specific condition that `rollupSize` was set to 0 to force the protocol's `TurboVerifier` contract to accept an escape hatch proof. Once the proof passed, the `processDepositsAndWithdrawals()` function executed withdrawals based solely on the public inputs in the proof:

  • Asset: assetId
  • Receiving address: outputOwner
  • Withdrawal amount: publicOutput

The problem is that the contract lacks an independent verification of whether the receiving address is entitled to the assets, and it also fails to check whether the withdrawal request corresponds to a genuine user's balance. Attackers can therefore construct a seemingly valid proof, fill in forged public parameters, and ultimately transfer funds to an externally controlled address.
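
The missing checks described above, shown as a vulnerable path beside a hardened one. This is an added example, a simplified Python model and not Aztec's contract code. The caller allowlist, the entitlement ledger, the rejection of a zero rollup size and all addresses and amounts are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class PublicInputs:              # the proof's public inputs named on the page
    rollup_size: int
    asset_id: int
    output_owner: str            # receiving address
    public_output: int           # withdrawal amount

@dataclass
class ProcessorModel:            # toy stand-in for the contract, not Aztec's code
    pool: dict                   # asset_id -> funds held
    providers: set               # assumed allowlist of authorised callers
    entitled: dict = field(default_factory=dict)   # (owner, asset_id) -> amount owed
    paid: list = field(default_factory=list)

    def _pay(self, pi):
        self.pool[pi.asset_id] -= pi.public_output
        self.paid.append((pi.output_owner, pi.asset_id, pi.public_output))

    def escape_hatch_vulnerable(self, caller, pi, proof_accepted):
        # Only gate is the verifier's verdict; caller and public inputs are trusted.
        if not proof_accepted:
            raise PermissionError("proof rejected")
        self._pay(pi)

    def escape_hatch_hardened(self, caller, pi, proof_accepted):
        if caller not in self.providers:             # access control
            raise PermissionError("caller not authorised")
        if pi.rollup_size == 0:                      # degenerate rollup size
            raise ValueError("rollupSize 0 rejected")
        if not proof_accepted:
            raise PermissionError("proof rejected")
        key = (pi.output_owner, pi.asset_id)         # independent entitlement check
        if self.entitled.get(key, 0) < pi.public_output:
            raise ValueError("recipient not entitled to this amount")
        self.entitled[key] -= pi.public_output
        self._pay(pi)

def try_call(fn, *args):
    """Return 'paid' or the rejection reason, so outcomes can be compared."""
    try:
        fn(*args)
        return "paid"
    except (PermissionError, ValueError) as exc:
        return str(exc)

# Constructed sample: forged public inputs whose proof the verifier (wrongly) accepted.
FORGED = PublicInputs(rollup_size=0, asset_id=0, output_owner="0xEXTERNAL", public_output=100)
```

In the hardened path each guard fails independently, so a verifier that wrongly accepts a proof is no longer the only thing standing between a caller and the pool.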

An unusual transfer occurred just three days ago.

Just three days ago, Aztec Network's Router contract also suffered a loss of approximately $2.19 million. The relevant transactions occurred on the Ethereum blockchain, involving addresses 0x0f18....edd17.

Both incidents point to the same problem: the protocol lacks sufficient independent verification of on-chain inputs when validating proof data, and access controls are flawed. Even without actual ownership of the assets, attackers could potentially use seemingly valid proofs to complete withdrawals.

Additional information: The article mentions that, according to its statistics, the amount stolen from the crypto industry so far in 2026 has reached $812.15 million, with the highest single-month amount in April, reaching $634.85 million.
