The unauthorized transaction occurred on June 17, originating from a legacy rollup contract over which Aztec Labs retains no administrative control. Because the code is immutable, the company cannot pause or upgrade the system to prevent further activity. Aztec Labs confirmed that the funds moved via Etherscan, though they remain unable to intervene in the legacy infrastructure.
The Aztec Foundation has moved to distance the current network and the AZTEC ERC20 token from the breach, stating there are no technical links between the modern ecosystem and the abandoned 2021 product. This latest security failure follows a similar $2.1 million exploit on June 14 involving Aztec Connect, which was also attributed to a verification mismatch in an outdated RollupProcessorV3 contract.
These incidents highlight a persistent vulnerability for decentralized finance: even when a project is officially discontinued, its smart contracts often remain active on the Ethereum blockchain. If capital is left stranded in these immutable vaults, they remain targets for exploitation despite the lack of active support or admin keys. Aztec Labs is currently reviewing the transaction logs to determine the scope of the exposure.
Comments (0)
No comments yet. Be the first!