Aztec Labs is investigating a security breach that drained roughly $2.2 million in cryptocurrency from an outdated payments product that has been inactive since 2022. The compromised system, described as an immutable stage 2 rollup, can no longer be altered or controlled by the company.
Blockchain security firm PeckShield reported that attackers removed about 1,158 ETH, 150,000 DAI, and 0.47 renBTC. On-chain data shows the exploit was initiated with just 0.134 ETH.
Second incident in less than a week
The breach follows a similar attack on June 14 that extracted around $2.1 million from the Aztec Connect smart contract. Analysts at BlockSec said the two incidents appear connected, though they targeted different pools and used separate entry points.
BlockSec linked the latest exploit to a validation flaw known as a public input binding error. This issue allowed unauthorized withdrawals to pass verification checks on the blockchain. While the execution pattern resembled the earlier attack, the vulnerabilities originated from different parts of the codebase.
Legacy contracts pose ongoing risks
The affected infrastructure had been deprecated for years but remained accessible on-chain. Such “zombie contracts” continue to exist even after being retired, and they can still hold funds despite lacking active support or administrative oversight.
The Aztec Foundation confirmed that none of its live network contracts or the AZTEC ERC20 token were impacted. It also reiterated that it holds no administrative control over the compromised system, limiting its ability to intervene.
Part of a broader wave of DeFi attacks
The incident comes amid a rise in decentralized finance exploits. More than 30 projects have suffered losses exceeding $600 million so far this year, including a $292 million breach involving Kelp DAO.
Market reaction has been relatively muted, suggesting traders are distinguishing between legacy vulnerabilities and active protocol risks. Aztec Labs said additional findings and next steps will be shared as the investigation continues.

