Aztec Faces Second $2 Million Exploit in Four Days as Validation Flaw Emerges

• Aztec lost $2.165 million in a second exploit this week.
• BlockSec linked the attack to a separate validation flaw.
• Aztec said current network infrastructure and token remain unaffected.

Aztec Labs is investigating a second multimillion-dollar exploit targeting its deprecated infrastructure within four days, as attackers drained more than $2 million from an older payments product. Blockchain security firm PeckShield estimated that the attack resulted in losses of about $2.165 million, including 1,158 ETH, 150,000 DAI, and 0.47 renBTC, while also noting that the exploit was funded with 0.134 ETH originating from HitBTC.

The latest breach comes only days after another exploit struck the immutable Aztec Connect smart contract. That incident drained nearly $2.1 million and raised concerns about risks associated with legacy decentralized finance infrastructure. Researchers at BlockSec said the new attack appears linked to the June 14 exploit. However, they explained that the attacker targeted a different liquidity pool through a separate entry point. According to BlockSec, the exploit relied on a validation flaw that enabled withdrawals while still passing onchain verification checks.

The security firm added that the vulnerability differs from the one used in the earlier attack, although both incidents involved circuit public input binding issues and shared similar execution traces.

Also Read: Uniswap Whale Transactions Hit Seven-Month High as Network Usage Climbs

Validation Flaw Exposes Legacy Infrastructure

According to BlockSec, the attacker exploited weaknesses in the protocol’s validation process. As a result, funds could be withdrawn without triggering the protections normally expected from the system. Meanwhile, the Aztec Foundation stressed that the exploited product has no connection to the current Aztec network or the AZTEC ERC20 token. The organization emphasized that the affected platform was deprecated four years ago and no longer forms part of active development efforts.

Moreover, the foundation described the compromised product as an immutable stage 2 rollup. Because the system remains onchain, developers cannot alter its smart contracts despite ending support years ago. Consequently, older decentralized finance applications can remain vulnerable when undiscovered flaws emerge long after development has stopped. Security researchers have repeatedly warned that immutable infrastructure may continue attracting attackers even when projects are no longer maintained.

The latest Aztec exploit also adds to a difficult period for the decentralized finance sector. More than 30 protocols have reportedly suffered security breaches this year, resulting in losses exceeding $600 million. Among the largest incidents was the recent Kelp DAO exploit, which accounted for approximately $292 million in losses.  Aztec Labs said it is continuing its investigation into the incident and will provide additional updates as more details become available.

Conclusion

The second exploit in less than a week has placed renewed attention on dormant DeFi infrastructure that remains accessible onchain. While Aztec maintains that its current network remains unaffected, investigators are still examining how attackers exploited the retired system and whether similar vulnerabilities exist elsewhere.

Also Read: Alert: XRP Balance on Exchanges Keeps Dropping – Here’s How Much Was Pulled Out in 72 Hours

The post Aztec Faces Second $2 Million Exploit in Four Days as Validation Flaw Emerges appeared first on 36Crypto.