Aztec Network Hack 2026 — $2M Exploit Analysis

Aztec Network RollupProcessor escapeHatch() function drained due to missing access controls

Details

Full Description

On June 18, 2026, Aztec Network's RollupProcessor contract was exploited for approximately $2.21 million. The attacker targeted the escapeHatch() function at address 0x737901bea3eeb88459df9ef1be8ff3ae1b42a2ba, which lacked essential access controls such as onlyOwner modifier, rollup provider authorization, or signature verification. The TurboVerifier contract accepted escape hatch proofs even when rollupSize was set to zero. The processDepositsAndWithdrawals() function trusted spoofed proofData public inputs without validating actual fund ownership or withdrawal balances. This enabled the attacker's EOA (0x6952...8e97f) to execute unauthorized withdrawals, including a direct drain of 1,158 ETH in a single transaction. This was the second attack on Aztec infrastructure in days, following the June 14 Aztec Connect exploit.

Laundering Analysis

The attacker drained 1,158 ETH, 150,000 DAI, and 0.4696 renBTC in a single transaction. The stolen funds were moved to the attacker's EOA. As of the incident report, the funds had not yet been laundered through mixers or bridges, but the attacker had previously used Tornado Cash to fund the wallet in the Aztec Connect exploit.

Sources

Related Hacks

Back to Browse