Search the site
Press ESC to close
LIVE
Loading...
Updating...

Aztec Network Suspected of $3.15M Exploit Via Escape Hatch Flaw

Sophie Chastain
Fact-checked
2 min read
364 words
Share

The privacy-focused Ethereum layer-2 protocol, Aztec Network, is reportedly facing a security breach following the detection of suspicious transactions originating from its Private Rollup Bridge address. According to data provided by security firm SlowMist, an unidentified actor managed to siphon approximately $3.15 million in various digital assets. The incident, identified on June 18, 2026, suggests a sophisticated manipulation of the network's withdrawal mechanisms, leading to the direct depletion of custodial reserves.

Technical Breakdown of the Vulnerability

Yu Xian, the founder of SlowMist, revealed that the attacker leveraged the Escape Hatch mechanism within the Aztec RollupProcessor. This emergency feature is designed to allow users to withdraw funds even if the sequencer is offline; however, the exploiter submitted verifiable rollup proofs during an open window to bypass standard security checks. The core of the issue lies in the processDepositsAndWithdrawals function, which was reportedly manipulated to authorize unauthorized transfers.

The attacker executed three distinct withdrawals to drain the contract:

  • 1,158 ETH (Ethereum)
  • 150,000 DAI (Stablecoin)
  • 0.4696 renBTC (Wrapped Bitcoin)

Flow of Funds and Attacker Activity

Following the breach, the stolen assets were primarily consolidated at the wallet address 0x6952... E97F. On-chain analysis indicates that the perpetrator has already begun dispersing the ETH to multiple secondary addresses to obfuscate the money trail. The Escape Hatch mechanism is a critical safety feature for decentralized protocols, but its implementation can sometimes introduce unforeseen attack vectors if the verification logic is not airtight. Investigators noted that the attacker’s initial gas fees were sourced from a bridge, a common tactic used to hide the original source of funding.

The attacker used the Escape Hatch mechanism of Aztec RollupProcessor to submit verifiable rollup proofs within the open window, exploiting a vulnerability in the processDepositsAndWithdrawals function.

The incident serves as a reminder of the inherent risks associated with Zero-Knowledge (ZK) Rollup architectures and the complexities of managing decentralized custodial bridges. While the Aztec team has not yet released a formal post-mortem, the blockchain community is closely monitoring the movement of the stolen funds. As of now, users are advised to remain cautious while the security audit of the affected RollupProcessor smart contract continues.

Frequently Asked Questions

Quick answers to the most common questions about this topic.