A Dead Aztec Product Just Lost $2.2 Million

Aztec Labs, a software development studio building a Layer 2 blockchain on Ethereum, is investigating another exploit involving one of its discontinued products after attackers drained around $2.2 million from an old payments rollup. The company said the affected system was a deprecated Stage 2 rollup, which it launched in 2021 and retired the following year. According to Aztec, the incident doesn't affect its current network because the immutable contract can't be paused or upgraded.
Deprecated rollup loses roughly $2.2 million
Blockchain security firm CertiK first flagged suspicious transactions involving Aztec's Private Rollup Bridge contract and estimated losses of about $2.15 million.

PeckShield later reported that the attacker withdrew 1,158 ETH, 150,000 DAI and approximately 0.47 renBTC, which brings the total value to roughly $2.17 million at current prices.

Aztec Labs confirmed the exploit shortly afterward, and stated that about $2 million was transferred away from the immutable smart contract. The company emphasized that the affected product was an old Aztec Payments rollup introduced in 2021 and sunset in 2022, and added that it holds no administrative keys or control over the retired system, which makes it impossible to freeze or upgrade the contract.
The team also said the exploit is unrelated to another incident disclosed on June 14, when attackers targeted the deprecated Aztec Connect product.

Meanwhile, Aztec's native token AZTEC was at press time on June 19 changing hands at the price of $0.0148, which represents a decline of 7.1% in the last 24 hours, a 6.1% drop across the past seven days, and an accumulated loss of 24.9% over the month, per the latest data.

Researchers identify flaw in proof verification
CertiK's technical analysis suggests the attacker exploited a discrepancy between how the contract verified rollup proofs and how it later executed withdrawals. According to the researchers, the attacker submitted proof data with both the rollupSize and numTxs fields set to zero during an escapeHatch() window.
Though the verification logic interpreted those values as zero, the execution path later treated the transaction count as at least one, which allowed the processing of the attacker-controlled withdrawal data. CertiK said this mismatch enabled the malicious withdrawal from the Private Rollup Bridge contract.
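The class of bug described above, where verification and execution disagree about how many records a batch contains, can be shown in a simplified model. This is an added example, not Aztec's contract code or CertiK's analysis: `TX_LEN`, the function names and the use of SHA-256 as a stand-in for the proof system are all assumptions made for illustration.

```python
import hashlib

TX_LEN = 4  # constructed: fixed size of one withdrawal record in this model


def committed_digest(num_txs: int, tx_data: bytes) -> bytes:
    """Stand-in for the proof: binds num_txs and only the records it covers."""
    covered = tx_data[: num_txs * TX_LEN]
    return hashlib.sha256(num_txs.to_bytes(4, "big") + covered).digest()


def verify(num_txs: int, tx_data: bytes, proof: bytes) -> bool:
    # Verification path: takes num_txs at face value, so 0 covers no records.
    return proof == committed_digest(num_txs, tx_data)


def records(count: int, tx_data: bytes) -> list[bytes]:
    # Split tx_data into `count` fixed-size records.
    return [tx_data[i * TX_LEN : (i + 1) * TX_LEN] for i in range(count)]


def process_mismatched(num_txs: int, tx_data: bytes, proof: bytes) -> list[bytes]:
    """Before: execution re-derives the count and floors it at one."""
    if not verify(num_txs, tx_data, proof):
        raise ValueError("proof rejected")
    # With num_txs == 0 this processes a record the proof never covered.
    return records(max(num_txs, 1), tx_data)


def process_hardened(num_txs: int, tx_data: bytes, proof: bytes) -> list[bytes]:
    """After: one canonical count; empty batches and stray bytes are rejected."""
    if num_txs < 1:
        raise ValueError("empty batch")
    if len(tx_data) != num_txs * TX_LEN:
        raise ValueError("tx_data length does not match num_txs")
    if not verify(num_txs, tx_data, proof):
        raise ValueError("proof rejected")
    return records(num_txs, tx_data)
```

The hardened path uses the same count for verification and execution and refuses any bytes the proof does not account for, which is the invariant an audit of this kind of bridge should check.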
The attacker reportedly funded the exploit using just 0.134 ETH before draining the assets. At the time of writing, Aztec Labs said it is continuing its investigation and will provide additional updates as more information becomes available.
The post A Dead Aztec Product Just Lost $2.2 Million appeared first on TechGaged.com.






