Aztec Network exploit concerns rose after an attacker drained about $2.16 million from Aztec’s deprecated Private Rollup Bridge. It was the second incident tied to old Aztec infrastructure this week. Aztec Labs said the bridge is separate from its network.
Blockchain security firm SlowMist disclosed that the attacker targeted the Private Rollup Bridge. The product launched in 2021 and was closed in 2022. It had smart contracts that were immutable and therefore active on-chain.
Also Read: Aztec Connect Exploit Drains $2.1M From Deprecated Platform
Aztec Network Exploit Triggers AZTEC Market Pressure
According to SlowMist, the attacker withdrew 1,158 ETH, 150,000 DAI, and 0.47 renBTC. The Aztec Network exploit wallet had just 0.134 ETH deposited from HitBTC before the attack was performed.
The news had an impact on market sentiment. Since the news broke, AZTEC has dropped approximately 1.4%. The token price was hovering around $0.0159 following the reported bridge loss.
The researchers at SlowMist attributed the Aztec Network exploit to the bridge’s escape hatch functionality. The feature is an emergency withdrawal tool. However, the investigation found that it lacked important checks for withdrawal validation.
The contract failed to adequately validate the withdrawal request. It relied on the information related to transactions without personally verifying the ownership of the funds. This weakness let the attacker manipulate the withdrawal information in the proof data, which seemed correct, SlowMist said.
Immutable Aztec Bridge Leaves Team Unable To Intervene
The attacker address, identified as 0x695…78e97f, used that process to trigger unauthorized withdrawals. The Aztec Network exploit then resulted in the release of assets that should not have been approved from the contract.
According to a statement from Aztec Labs, the compromised bridge is not related to the existing Aztec network or tokens. The firm stated that the bridge had been closed four years ago and is now an immutable Stage 2 rollup.
The contract is unchangeable, meaning Aztec Labs cannot halt, upgrade, or intervene in the system. The team has stated that it no longer has administrative access to the impacted infrastructure.
The Aztec Network exploit follows another incident with deprecated Aztec Connect infrastructure, which occurred days ago. That same attack was found on June 14 with damages estimated at more than $2.15 million. The Aztec Network exploit brought risks associated with outdated on-chain contracts into focus.
Also Read: CME Group Warns of Massive 2008-Style Risks, Files Suit
