Aztec Private Rollup Bridge Exploited for $2.15M in Asset Theft


Privacy-focused Ethereum scaling project Aztec's Private Rollup Bridge was exploited for approximately $2.15 million in stolen assets including 1,158 ETH, 150,000 DAI, and 0.47 renBTC, according to on-chain transaction data. Initial analysis by security researcher Cos suggests the attacker abused the bridge's "Escape Hatch" mechanism by submitting manipulated rollup proofs that the verifier accepted, causing the contract to release custodial reserves. This marks the second major security incident involving legacy Aztec infrastructure within days, following a separate exploit of the project's deprecated Connect system earlier this month.

Attacker Allegedly Exploited Escape Hatch Mechanism

Security researcher Cos shared analysis indicating the attacker abused Aztec's "Escape Hatch" mechanism within the RollupProcessor contract. The feature was designed as a safety measure allowing users to submit rollup proofs during specific windows if normal operations were interrupted. Researchers claim the attacker crafted proofs containing manipulated public output values, which were accepted by the verifier. The contract allegedly released assets directly from its custodial reserves. The suspicious withdrawals included 1,158 ETH, 150,000 DAI, and 0.46963295 renBTC. Blockchain security firm PeckShield later estimated total losses at approximately $2.16 million. The stolen assets were subsequently transferred to wallets controlled by the exploiter.
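As an added illustration (not code from Aztec or the researchers cited above), a small Python monitor that replays withdrawals against a bridge's custodial reserves and raises alerts for escape-hatch withdrawals that occur outside their window, drain a large share of an asset's reserves, or exceed what the bridge should hold. The escape-hatch schedule, the drain threshold and the sample figures are assumptions constructed for the example, not the RollupProcessor's real parameters.

```python
from dataclasses import dataclass

# Assumed escape-hatch schedule for this example: the hatch is open for blocks
# whose position within each PERIOD-block cycle lies in [OPEN_FROM, OPEN_TO).
PERIOD = 100
OPEN_FROM = 80
OPEN_TO = 100
# Heuristic: alert when a single escape-hatch withdrawal removes more than this
# share of the asset's tracked reserves (threshold chosen for illustration).
DRAIN_SHARE = 0.5


@dataclass
class Withdrawal:
    block: int
    asset: str
    amount: float
    via_escape_hatch: bool


def escape_hatch_open(block: int) -> bool:
    """True when the block falls inside the assumed escape-hatch window."""
    return OPEN_FROM <= block % PERIOD < OPEN_TO


def audit(reserves: dict, withdrawals: list) -> list:
    """Replay withdrawals against custodial reserves; return (block, asset, reason) alerts."""
    balances = dict(reserves)
    alerts = []
    for w in withdrawals:
        before = balances.get(w.asset, 0.0)
        if w.via_escape_hatch and not escape_hatch_open(w.block):
            alerts.append((w.block, w.asset, "escape-hatch withdrawal outside window"))
        if w.amount > before:
            alerts.append((w.block, w.asset, "withdrawal exceeds tracked reserves"))
        elif w.via_escape_hatch and before > 0 and w.amount / before > DRAIN_SHARE:
            alerts.append((w.block, w.asset, "escape-hatch withdrawal drains reserves"))
        balances[w.asset] = before - w.amount
    return alerts


# Constructed sample data (illustrative only, not real on-chain values).
RESERVES = {"ETH": 1200.0, "DAI": 160_000.0, "renBTC": 0.5}
WITHDRAWALS = [
    Withdrawal(1005, "ETH", 10.0, False),       # routine rollup withdrawal
    Withdrawal(1090, "ETH", 1158.0, True),      # hatch open, but drains ~97% of ETH
    Withdrawal(1091, "DAI", 150_000.0, True),   # hatch open, drains ~94% of DAI
    Withdrawal(1150, "renBTC", 0.47, True),     # hatch closed at this block
    Withdrawal(1160, "renBTC", 0.1, False),     # exceeds the remaining ~0.03 renBTC
]

if __name__ == "__main__":
    for alert in audit(RESERVES, WITHDRAWALS):
        print(alert)
```

A real monitor would source reserves and withdrawals from the bridge contract's events rather than constructed lists, but the invariant checks stay the same.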

Incident Highlights Ongoing Bridge Security Challenges

The incident highlights continued challenges facing blockchain bridges and rollup infrastructure. Bridges remain among the most frequently targeted components in decentralized finance. Security analysts noted that the financial damage is relatively modest compared to some historic bridge exploits. However, repeated vulnerabilities can have a broader impact on user confidence. Industry observers warn that trust often becomes the largest casualty following bridge attacks, especially when projects experience multiple security incidents within a short period.

Aztec Foundation Confirms Exploit of Deprecated Product

The Aztec Foundation and Aztec Labs acknowledged the incident on June 18, stating they are investigating a potential exploit affecting a deprecated Aztec payments product launched in 2021. According to their statements, the affected system is an immutable Stage 2 rollup that was sunset in 2022. It has been deprecated for four years and is not connected to the current Aztec network or the AZTEC ERC-20 token. The teams stated they will provide further updates as the investigation continues. The alleged attacker was reportedly funded through a wallet linked to crypto exchange HitBTC before executing the exploit, according to on-chain investigators.

FAQ

What happened to Aztec's Private Rollup Bridge?

Aztec's Private Rollup Bridge was exploited for approximately $2.15 million in assets including 1,158 ETH, 150,000 DAI, and 0.47 renBTC. Initial analysis suggests the attacker abused the bridge's "Escape Hatch" mechanism by submitting manipulated rollup proofs that were accepted by the verifier, causing the contract to release custodial reserves.

How did Aztec respond to the exploit?

The Aztec Foundation acknowledged the incident on June 18 and stated they are investigating a potential exploit affecting a deprecated payments product launched in 2021. The affected system was sunset in 2022, has been deprecated for four years, and is not connected to the current Aztec network or the AZTEC ERC-20 token. The teams said they will provide further updates as the investigation continues.

Disclaimer: The information on this page may come from third-party sources and is for reference only. It does not represent the views or opinions of Gate and does not constitute any financial, investment, or legal advice. Virtual asset trading involves high risk. Please do not rely solely on the information on this page when making decisions. For details, see the Disclaimer.