Second $2.1M Exploit Hits Aztec in Less Than a Week: SlowMist | Crypto Security News
Crypto security news: Second $2.1M Exploit Hits Aztec in Less Than a Week: SlowMist. This update explains what happened, why it matters for wallets, exchanges, traders, and users, and what the market should watch next.
Crypto Security Update
Deprecated Aztec infrastructure has suffered a second exploit within days, adding to concerns about the security of abandoned smart contract infrastructure.Aztec’s private rollup bridge was exploited on Thursday for 1,158 Ether (ETH), 150,000 Dai (DAI) and 0.46 renBTC (RENBTC), totaling about $2.15 million, according to Cos, the co-founder of cybersecurity company SlowMist.His preliminary analysis found that the attacker used a false rollup proof to trick the protocol into releasing assets from its reserves to the attacker’s address.Aztec Labs confirmed the exploit, adding that about $2 million was transferred from an immutable smart contract of a payment product deprecated in 2022, for which Aztec Labs held no admin keys or ability to pause transactions.Aztec Labs said the incident is separate from the $2.1 million stolen from Aztec Connect’s smart contract on Sunday. Aztec Connect was a privacy-focused rollup that was deprecated in March 2023, with the team halting deposits and shifting resources to the next-generation Aztec Network.Cointelegraph reached out to Aztec Labs for additional details about the vulnerability but had not received a response by publication.Etherscan record of the Thursday exploit transaction. Source: EtherscanRelated: AI models led to a ‘vulnerability apocalypse’ in crypto security: Immunefi CEOOld smart contracts raise new security concernsThe two Aztec exploits, along with the $1.3 million stolen from decentralized exchange Raydium earlier in June, renewed concerns about deprecated smart contracts, as the three incidents stemmed from vulnerabilities in abandoned infrastructure.“Old contracts continue to be bug bounties available to any hackers. With protocols removing their responsibility to maintain them, they can become even more tempting,” wrote risk analysis platform Blockful in a Tuesday X post.Despite Aztec Connect being deprecated, the attacker extracted over $2.1 million in the initial exploit as the immutable contract was still holding legacy user assets, wrote SlowMist in a post-mortem analysis of the incident.First Aztec exploit, attack overview. Source: SlowMistFor protocols with deprecated smart contracts that still hold legacy assets, SlowMist advised an orderly asset migration to eliminate the risks of ongoing cybersecurity exposure.Magazine: The legal battle over who can claim DeFi’s stolen millions
Why This Security News Matters
First, this development may affect exchange safety, wallet security, user trust, and broader market sentiment. In addition, it may influence platform security practices, fund recovery efforts, and regulatory pressure. As a result, traders and crypto users should watch the next updates closely.
What To Watch Next
Watch for official statements, post-mortem reports, wallet warnings, exchange responses, and fund recovery updates. In particular, any new details about phishing, exploits, private key exposure, or security patches could directly affect the broader crypto market.
