NewsNewsDetails
Aztec suffered its second attack in a week, resulting in losses of approximately $2.15 million.
Coinpaper
06-18 21:31
Ai Focus
Aztec suffered its second attack in a week, with old payment product contracts being exploited by forged rollup credentials, resulting in a loss of approximately $2.15 million.
Helpful
No.Help

Aztec has suffered another security incident, this time affecting an outdated payment product that has long been discontinued. Attackers used forged rollup proofs to transfer 1,158 ETH, 150,000 DAI, and 0.46 renBTC from the protocol reserves, with estimated losses of approximately $2.15 million, according to reports.

The affected contracts were discontinued in 2022.

Aztec Labs confirmed that the smart contract exploited belonged to a payment product that was deprecated in 2022. The team stated that the contract was immutable, meaning it could neither be paused nor modified, and that the team no longer holds the management key that could interfere with its operation.

This means that although the relevant products have long been discontinued, the on-chain contracts still exist, and the assets within them could still be targets of attacks. This incident also exposes once again that legacy infrastructure can still leave long-term risks even after maintenance has ceased.

A similar incident happened just a few days ago.

Just days ago, another Aztec privacy rollup product, Aztec Connect, was also attacked, resulting in a loss of approximately $2.1 million. This product was officially discontinued in March 2023. Following the incident, Aztec suspended new investments and shifted its development focus to the next-generation Aztec Network.

However, although the product has been discontinued, some historical user funds remain in the old contracts, leaving room for attackers to exploit. These two consecutive incidents have also brought renewed market attention to the security of assets left behind in deactivation agreements.

Security agencies warn of risks associated with old contracts

Several security research institutions have pointed out that once deactivated contracts remain on the blockchain and still contain assets, they may become long-term targets for hackers. Risk analysis platform Blockful recently warned that after a project ceases maintenance, old contracts often become "open targets" for attackers.

In its post-mortem analysis, SlowMist also noted that leaving legacy assets within abandoned contracts for an extended period would continuously amplify security exposure. Their recommendation is that projects should develop a clear asset migration plan simultaneously when decommissioning older products, transferring funds to new infrastructure as quickly as possible.

  • The stolen assets included 1,158 ETH, 150,000 DAI, and 0.46 renBTC.
  • The previous incident involved Aztec Connect, resulting in losses of approximately $2.1 million.
  • Both incidents were related to old contracts that had been discontinued but still contained assets.
Tip
$0
Like
0
Save
0
Views 389
CoinMeta reminds readers to view blockchain rationally, stay aware of risks, and beware of virtual token issuance and speculation. All content on this site represents market information or related viewpoints only and does not constitute any form of investment advice. If you find sensitive content, please click“Report”,and we will handle it promptly。
Submit
Comment 0
Hot
Latest
No comments yet. Be the first!
Related
Aztec's old contract suffered two attacks within three days, resulting in losses exceeding $4 million.
Aztec's two deactivated old contracts were attacked twice within three days, resulting in a total loss of over $4 million. The current network and AZTEC tokens are unaffected.
CoinJournal
·2026-06-18 20:30:00
451
Aztec Network's overpass was exploited, resulting in a loss of approximately $2.16 million.
Aztec Network's Private Rollup Bridge was exploited, with on-chain data showing a loss of approximately $2.16 million, involving ETH, DAI, and renBTC.
U.Today
·2026-06-18 20:21:15
912
Aztec Network suffers another attack within three days, with approximately $2.21 million stolen.
Aztec Network was attacked for the second time in three days, with approximately $2.21 million in digital assets stolen. The issue points to a lack of access control and verification in the emergency withdrawal mechanism.
AMBCrypto
·2026-06-18 21:21:06
814
Aztec's older version of its privacy bridge has been attacked again, with approximately $2.16 million stolen.
Aztec's legacy privacy bridge suffered another attack, resulting in approximately $2.16 million in losses. The team stated that the current network and AZTEC tokens are unaffected.
Coinpedia
·2026-06-18 18:20:51
308
After hitting a record high, HYPE faces selling pressure of $55 million.
After hitting a new high, HYPE encountered net selling pressure of $55.51 million, but some whales have resumed buying, and the market is focused on the $79 level.
AMBCrypto
·2026-06-19 11:21:21
337
Latest from Author
Refresh
arrow
Franklin Templeton requests dividends to be invested in a Bitcoin ETF
Franklin Templeton requests dividends to be invested in a Bitcoin ETF
57m ago   812peopleViews
WLFI's USD1 subsidiary applies for Commonwealth Trust Bank status.
WLFI's USD1 subsidiary applies for Commonwealth Trust Bank status.
58m ago   782peopleViews
South Korea's XRPL Acceleration Program Announces 12 Finalist Teams
South Korea's XRPL Acceleration Program Announces 12 Finalist Teams
1h ago   808peopleViews
Recommended