Aztec Private Rollup Bridge Hack 2026 — $2M Exploit Analysis

An attacker exploited the escapeHatch function on Aztec's Private Rollup Bridge to withdraw $2.21M.

Details

Full Description

On June 18, 2026, the Aztec Private Rollup Bridge was exploited through its emergency escapeHatch function. The attacker discovered a way to trigger the escapeHatch without proper authorization, allowing unauthorized withdrawals from the bridge's escrow contracts. The exploit resulted in the loss of approximately $2.21 million in ETH and ERC-20 tokens. Aztec immediately disabled the escapeHatch and is implementing a multi-sig guarded replacement.

Laundering Analysis

Stolen ETH and ERC-20 tokens were swapped for ETH via Uniswap and then split across multiple wallets. A portion was deposited into Tornado Cash for mixing. No CEX off-ramping has been confirmed. Aztec is working with blockchain analytics firms to trace the mixed funds. No recovery reported.

Sources

Related Hacks

Back to Browse