The Aztec protocol suffered a second cyberattack on Thursday, June 18, 2026. A malicious actor exploited its outdated infrastructure to siphon liquid assets, according to data published on the social platform X by the co-founder of cybersecurity firm SlowMist.
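Aztec appears to have been hacked again; its Private Rollup Bridge 0x737901bea3eeb88459df9ef1BE8fF3Ae1B42A2ba shows three suspicious exploit transactions (about 2.15 million US dollars in total):
1,158 ETH https://t.co/0sDIQYefVw
150,000 DAI https://t.co/0sGMwPqpkm
0.46963295 renBTC https://t.co/1v1yJjnTmH
The funds are mainly held at: …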
— Cos(余弦)😶🌫️ (@evilcos) June 18, 2026
The attack drained exactly 1,158 Ether, 150,000 units of the Dai stablecoin, and 0.46 renBTC from the private rollup bridge. Together, the stolen assets were worth 2.15 million dollars at the time the exploit was executed.
The attacker utilized a fraudulent rollup proof to deceive the automated network system. This technical maneuver forced the protocol to release digital assets directly from reserves into the hacker-controlled address, successfully bypassing standard cryptographic protections currently in place.
We are investigating a potential exploit affecting a deprecated Aztec payments product from 2021. ~$2m was transferred from the immutable smart contract in transaction: https://t.co/FS4JoNnfiJ
The deprecated product is an immutable stage 2 rollup that was sunset in 2022.…
— Aztec Labs (@AztecLabs_) June 18, 2026
Developers confirmed the security breach and clarified that the capital moved from a payment tool deprecated back in 2022. The team at Aztec Labs issued a statement explaining the structural details of the immutable smart contract involved in this incident.
The development entity specified it lacks administrative keys to freeze digital funds or pause financial transactions on that legacy contract. Code immutability completely prevents any external intervention following its final deployment onto the distributed ledger network.
This exploit on June 18, 2026, occurred just four days after another severe exploit hit the same organization. On Sunday, June 14, 2026, an attacker drained 2.1 million dollars from the smart contract belonging to the old Aztec Connect privacy service.
Aztec Connect operated as a rollup focused on transactional privacy until its formal deprecation in March 2023. During that year, the engineering team halted user deposits to move development resources to its next-generation network layer.
Repeated incidents expose the latent risks of legacy infrastructure within the decentralized ecosystem. Massive hacks targeting vulnerable treasuries serve as a reminder that crypto losses reached alarming levels throughout 2025.
Persistent vulnerabilities within legacy smart contracts
Decentralized exchange Raydium also experienced a similar exploit in early June 2026, losing 1.3 million dollars. These three consecutive security developments revived global alarms regarding the severe danger posed by active lines of code abandoned by programming teams.
Immutable legacy contracts function as permanent bug bounties open to any attacker. When protocols give up responsibility for active security maintenance, these capital-holding contracts become highly attractive, unprotected targets.
Despite the technical obsolescence of Aztec Connect, the immutable wallet structure still held legacy assets belonging to real users. SlowMist determined that the absence of an orderly asset migration plan facilitated the multi-million dollar extraction of funds by malicious actors.
To mitigate these widespread structural risks within the blockchain ecosystem, security auditors recommend mandatory liquidity transfers to newly controlled contracts. Organized migration eliminates ongoing exposure to cyberattacks and protects the remaining balances that users often forget to withdraw after closures.
Security analysts insist that obsolete development tools require continuous forensic monitoring. Even after a decentralized project ceases public-facing operations, code deployed on the public network remains active indefinitely for any malicious observer searching for vulnerabilities.
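An added example, not code from this article, Aztec Labs or SlowMist: one way to implement the monitoring recommended above is to alert when outflows from a deprecated contract inside a short block window exceed a set fraction of what it held. Only the bridge address and the three large amounts come from the figures quoted earlier; the balances, counterparties, block numbers, window size and threshold are constructed assumptions.

```python
from collections import defaultdict
from decimal import Decimal

# Deprecated bridge address quoted in the article.
WATCHED = "0x737901bea3eeb88459df9ef1BE8fF3Ae1B42A2ba".lower()

# Constructed sample data (not real chain data). Balances, block numbers and
# counterparties are placeholders; the three large amounts are those quoted above.
START_BALANCES = {"ETH": Decimal("1200"), "DAI": Decimal("160000"),
                  "renBTC": Decimal("0.5")}
TRANSFERS = [  # (block, asset, sender, recipient, amount)
    (100, "ETH", WATCHED, "0xPLACEHOLDER_USER_A", Decimal("0.8")),
    (140, "DAI", "0xPLACEHOLDER_USER_B", WATCHED, Decimal("50")),
    (205, "ETH", WATCHED, "0xPLACEHOLDER_UNKNOWN", Decimal("1158")),
    (206, "DAI", WATCHED, "0xPLACEHOLDER_UNKNOWN", Decimal("150000")),
    (207, "renBTC", WATCHED, "0xPLACEHOLDER_UNKNOWN", Decimal("0.46963295")),
]

def scan_outflows(transfers, start_balances, window=50,
                  max_fraction=Decimal("0.25")):
    """Flag outflows from WATCHED whose running total inside `window` blocks
    exceeds `max_fraction` of the balance held before those outflows."""
    balances = dict(start_balances)
    recent = defaultdict(list)  # asset -> [(block, amount)] still in window
    alerts = []
    for block, asset, sender, recipient, amount in sorted(
            transfers, key=lambda t: t[0]):
        if recipient.lower() == WATCHED:          # deposit: only track balance
            balances[asset] = balances.get(asset, Decimal(0)) + amount
            continue
        if sender.lower() != WATCHED:             # unrelated transfer
            continue
        recent[asset] = [(b, a) for b, a in recent[asset] if block - b < window]
        drained = sum((a for _, a in recent[asset]), Decimal(0)) + amount
        # Balance before the windowed outflows (deposits inside the window
        # are counted too, which only makes the check slightly less strict).
        held = balances.get(asset, Decimal(0)) + drained - amount
        recent[asset].append((block, amount))
        balances[asset] = balances.get(asset, Decimal(0)) - amount
        # An outflow from a contract believed to be empty is always flagged.
        fraction = drained / held if held > 0 else Decimal(1)
        if fraction > max_fraction:
            alerts.append({"block": block, "asset": asset, "to": recipient,
                           "fraction": round(fraction, 3)})
    return alerts

if __name__ == "__main__":
    for alert in scan_outflows(TRANSFERS, START_BALANCES):
        print(alert)
```

Because the total is cumulative inside the window, a drain split into several smaller withdrawals still trips the alert once the combined outflow crosses the threshold.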
The theft of 1,158 Ether on Thursday, June 18, 2026, was processed through multiple transactions visible on the Etherscan block explorer. The stolen funds were quickly transferred to secondary digital wallets to complicate tracking efforts by international financial authorities.
The technical community is currently debating methodologies to invalidate immutable contracts without undermining decentralization principles. So far, the lack of integrated pause functionalities leaves users dependent on the integrity of software designed years in the past.
On-chain analytics firms maintain strict monitoring over all digital addresses linked to the June 18, 2026 attacker. A comprehensive technical report is expected from the development team to identify any remaining attack vectors within the infrastructure.

