Registration
 
All news
Top Stories
Editors' Picks
Crypto
Financial News
Currencies
Market Voices
Companies
Regulators
Central Banks
Parshwa Turakhiya
Parshwa Turakhiya

Repeat $2.16 million Aztec exploit raises concerns over legacy DeFi contracts

Repeat $2.16 million Aztec exploit raises concerns over legacy DeFi contracts
Aztec’s old bridge lost $2.16 million

​Aztec Labs has been hit by a second exploit in less than a week, after an attacker drained about $2.16 million from a deprecated Private Rollup Bridge that had been shut down years ago. The incident did not affect the current Aztec network or the AZTEC token, but it renewed scrutiny of old smart contracts that remain live on-chain even after products are retired.

Highlights

  • Aztec’s deprecated Private Rollup Bridge lost about $2.16 million.
  • The attacker withdrew ETH, DAI and renBTC from old immutable contracts.
  • Aztec said the current network and AZTEC token were not affected.

Another attack on abandoned infrastructure

The attacker targeted Aztec’s old Private Rollup Bridge, a product launched in 2021 and closed in 2022, Coinpedia reports. Although the bridge had been discontinued, its smart contracts remained active because they were immutable, meaning Aztec could not pause or upgrade them after deployment.

The attacker withdrew 1,158 ETH, 150,000 DAI and 0.47 renBTC, according to SlowMist data. The exploit wallet was reportedly funded with just 0.134 ETH from HitBTC before the attack.

The attack followed another exploit discovered on June 14 involving the deprecated Aztec Connect product, which led to losses estimated at more than $2.15 million. That earlier incident also targeted legacy infrastructure, not the current Aztec network.

Escape hatch weakness

SlowMist researchers linked the latest exploit to a weakness in the bridge’s escape hatch function, an emergency withdrawal mechanism designed to let users recover funds under certain conditions. The problem, according to the report, was that the contract did not properly verify withdrawal requests and trusted some submitted transaction data without independently confirming fund ownership.

That allowed the attacker to submit a proof that appeared valid while using manipulated withdrawal information. The contract then released funds it should not have approved. The case shows how even emergency tools can become attack surfaces if verification logic is incomplete.

Aztec Labs said the affected product has no link to the current network, current smart contracts or the AZTEC ERC-20 token. The company also said it no longer has administrative control over the old bridge, which limits its ability to intervene after the exploit.

Legacy code remains a DeFi liability

The Aztec incidents highlight a recurring risk in decentralized finance: old smart contracts can remain economically relevant long after teams stop maintaining them. If funds are still inside those contracts, immutability can protect users from arbitrary changes but also prevent emergency fixes.

For users, the main issue is not only whether a current protocol is secure, but whether older products still hold assets and whether their shutdown process was complete. For developers, the lesson is clearer: deprecation does not end risk. If contracts cannot be upgraded, projects need stronger withdrawal campaigns, monitoring and public warnings before legacy systems become targets.

We also reported Verus-Ethereum Bridge loses more than $11 million in validation exploit.

This material may contain third-party opinions, none of the data and information on this webpage constitutes investment advice according to our Disclaimer. While we adhere to strict Editorial Integrity, this post may contain references to products from our partners.

Editor's Picks for You

Intel's comeback: Apple, Trump and the AI bet
  • By Mikhail Vnuchkov
  • 17 hours ago
Intel's comeback: Apple, Trump and the AI bet
Editors' Picks
Bitcoin price prediction based on RSI: Is BTC poised for a new rally?
  • By Oleg Tkachenko
  • Yesterday
Bitcoin price prediction based on RSI: Is BTC poised for a new rally?
Editors' Picks
Toncoin becomes Gram: Why Durov restored token's original name
  • By Anastasiia Chabaniuk
  • 16.06.2026
Toncoin becomes Gram: Why Durov restored token's original name
Editors' Picks
All Editors' Top Picks

Latest Crypto News

Texas grid approval could boost bitcoin miners' data center expansion
  • By Ashutosh Sureka
  • 4 hours ago
Texas grid approval could boost bitcoin miners' data center expansion
Crypto
#Crypto #USA #Core Scientific
Ireland plans crypto safeguards as financial crime risks rise
  • By Ashutosh Sureka
  • 5 hours ago
Ireland plans crypto safeguards as financial crime risks rise
Crypto
#Crypto #David Rubenstein #Axon Enterprise Inc
Capital B secures approval for $120 billion Bitcoin treasury plan
  • By Pavlo Kot
  • 10 hours ago
Capital B secures approval for $120 billion Bitcoin treasury plan
Crypto
#Crypto #Bitcoin
All Crypto News
  • Mikhail Vnuchkov
  • 17 hours ago
Intel's comeback: Apple, Trump and the AI bet
  • Oleg Tkachenko
  • Yesterday
Bitcoin price prediction based on RSI: Is BTC poised for a new rally?
  • Anastasiia Chabaniuk
  • 16.06.2026
Toncoin becomes Gram: Why Durov restored token's original name
  • Kyle Torpey
  • 15.06.2026
Why Tether flipping Ethereum is a pivotal moment for crypto
  • Eugene Komchuk
  • 15.06.2026
MiCA deadline: Why crypto companies are leaving Europe
  • Hlib Chabaniuk
  • 14 min ago
Danielle DiMartino Booth: Losses impact lending standards in credit markets
  • Jose Antonio Gastelum
  • 19 min ago
Wendy O: Personal appreciation for Bitcoin and positive mindset
  • Ashutosh Sureka
  • 29 min ago
James Lavish: Emotion can be a key obstacle for investors
  • Daria Chernytska
  • 34 min ago
Strategy has $32 billion in net cash, Fred Krueger notes
  • Dmytro Kharkov
  • 1 hour ago
Fed bond-buying has lost hundreds of billions and reform is urgent, David Malpass argues
Weekly Top Bonuses
up to $2,500
deposit bonus for all clients
CLAIM BONUS
Your capital is at risk.
Top News
  • Olga Shendetskaya
  • 11 hours ago
Goldman sees Warsh remarks as new risk for two-year Treasuries
Goldman sees Warsh remarks as new risk for two-year Treasuries
  • Andrey Mastykin
  • 12 hours ago
G7 calls for stronger fight against North Korean crypto theft
G7 calls for stronger fight against North Korean crypto theft
  • Eugene Komchuk
  • 13 hours ago
First oil tankers cross Strait of Hormuz after U.S.-Iran agreement
First oil tankers cross Strait of Hormuz after U.S.-Iran agreement
  • Ivan Andriyenko
  • 17 hours ago
U.S. futures rise as investors weigh Iran deal and Fed
U.S. futures rise as investors weigh Iran deal and Fed
  • Mikhail Vnuchkov
  • 17 hours ago
Intel's comeback: Apple, Trump and the AI bet
Intel's comeback: Apple, Trump and the AI bet
Live News
  • Anton Kharitonov
  • Now
Microsoft balances AI investment with investor expectations
  • Anton Kharitonov
  • Now
Apple maintains strong fundamentals despite market pressures
  • Mykhailo Ihnatenko
  • Now
SPCX pulls back for the first time: Can SpaceX optimism sustain rally?
  • Anton Kharitonov
  • Now
Bitcoin tests major support after hawkish Fed signal
  • Mykhailo Ihnatenko
  • Now
Intel jumps on Apple foundry hopes: Can INTC reach new highs?
Who We Are
Business Solutions
For Users
TU News
Popular Sections
Disclosures
CONTACT US
Legal
We are in Social Media
© IAFT Ltd., 2010-2026 All rights to the website are owned by IAFT Ltd.,
Registration number - HE 336186
  • Risk disclosure:

    Information on the TradersUnion.com website is for informational purposes only and does not constitute any motive or suggestion to visitors to invest money. Moreover, we hereby warn you that trading on the Forex and CFD markets is always a high risk. According to the statistics, 75-89% of customers lose the funds invested and only 11-25% of traders earn a profit. Trading in futures and options carries substantial risk of loss and is not suitable for every investor.

    That is why you should only invest money that you are prepared — or can afford — to lose at such high risks. Tradersunion.com does not provide any financial services, including investment or financial advisory services. Also, the Traders Union is not a broker and does not get money for trading in the Forex or CFD markets. Our website only provides information on brokers and the markets and helps its users to select the best brokerage company based on detailed information and objective analysis of brokers.

  • Disclaimer:

    Traders Union (TradersUnion.com) shall not be liable for the consequences of trading decisions made by the Client and for the possible loss of his capital resulting from the use of this website and information published on it.

    Forex market, CFD and cryptocurrency trading involves high risks and is not suitable for everyone. Before investing money, you need to adequately assess the level of your expertise and be aware of the risks, particularly in the context of trading with leverage. The information on this website is not intended for distribution or use by any person in any country or jurisdiction, where such distribution or use would be in violation of the local law or regulation. Any payments by Traders Union (TradersUnion.com) to the users of our website shall be legally interpreted solely as an incentive on our part for the activity on the website in the form of a deduction of a part of the advertising income; they shall not be a subject of any claims of our users or our obligations, a subject of disputes, as well as cannot be considered in relation to the services provided to users by brokers, both in fact and in their completeness and volume. The administration of the website shall not be liable for the content of user comments and reviews about the companies and shall not verify whether the authors of the reviews are indeed real clients of a specific company. All reviews, both negative and positive are published on the website without verification of their reliability; only offensive reviews that call for violence or any kind of discrimination and also reviews published from one group of IP addresses are moderated and removed. The authors of the materials shall be fully liable for the accuracy, completeness and impartiality of any information in the articles and reviews, including in the context of their use or mention of any brand names or trademarks. All mentions of the names of companies and their brands in any materials on the website shall be made in the context of communication of socially important information to the people about their activities by independent journalists, who are the authors. All evaluations and indicators on the website express the subjective opinion of the authors of the reviews (articles) and shall not be viewed as accurate statements and be a subject of disputes and claims against Traders Union.

  • Disclosure of advertisers and revenues:

    All the services on the Tradersunion.com website are free for you to use. Our team spends thousands of hours per annum researching brokers and gathering information about them to help investors all over the world to choose reliable companies and to avoid fraudsters.

    Indeed, the curating, sourcing, and organization of this process requires substantial financial investment by Tradersunion.com, which the website earns in the form of advertising payments. There are two types of advertising services on the website — direct advertising or partner (broker) participation programs. However, no services purchased by our partners shall affect the recommendations on our website, or our opinions, or ratings. Our ratings are based on our objective rating criteria and methodology; and the results are always equally and fairly applied to each broker. The work of our content authors and research groups does not involve any interaction with our advertisers and they do not have access to data concerning the amount of advertising purchased. For over 10 years we consider our independence, absolute openness, and objectivity as our main priority. Please follow the links to each of our affiliated broker’s websites. This will help Tradersunion.com to continue to provide our services to you for free.

onepercentfortheplanet.org World Association of News Publishers https://gdpr.eu/ GDPR