The breach centered on the RollupProcessorV3 contract, which had been left in an immutable state after Aztec Labs shuttered the platform in March 2023. Because the protocol was no longer under active management, there were no administrative keys or emergency pause functions available to halt the unauthorized activity. Security firm BlockSec identified a verification mismatch as the primary vulnerability, noting that the system’s proof logic and settlement processes failed to synchronize, allowing for the creation of unbacked balances.
Data from CertiK indicates the attacker extracted 909 ETH, roughly 270,000 DAI, and 167 wrapped staked ETH across seven distinct transactions. The perpetrator reportedly utilized Tornado Cash to fund the wallet used in the exploit. This event joins a string of DeFi security incidents throughout June, following significant losses at Humanity Protocol and Syscoin. The Aztec case serves as a stark reminder that even after a product is officially deprecated, funds remaining within immutable smart contracts continue to serve as targets for exploitation long after active support has ceased.
Comments (0)
No comments yet. Be the first!