On 18 June, hackers exploited an unused smart contract in the L2-network Aztec, claiming funds worth about $2.15 million. The vulnerability was discovered in the outdated payment product Aztec Payments, which had been closed down as early as 2022, so the incident did not affect users and assets of the current network. According to researchers, the attacker misused the logic of testing PrivateRollupBridge contract evidence and spent just 0.134 ETH (~$230) on the attack. As a result, 1,158 ETH, 150,000 DAI and 0.47 renBTC were withdrawn.

This is the second network security incident in recent days: on June 14, hackers devastated another outdated router contract, causing almost $2.19 million in damage. Aztec Labs representatives pointed out that they do not have administrative keys and control of the system, which is why the team cannot freeze contracts or issue an update to stop the attack. The hacking was first noticed by CertiK analysts, and then confirmed by the development team.