An attacker exploited the escapeHatch function on Aztec's Private Rollup Bridge to withdraw $2.21M.
On June 18, 2026, the Aztec Private Rollup Bridge was exploited through its emergency escapeHatch function. The attacker discovered a way to trigger the escapeHatch without proper authorization, allowing unauthorized withdrawals from the bridge's escrow contracts. The exploit resulted in the loss of approximately $2.21 million in ETH and ERC-20 tokens. Aztec immediately disabled the escapeHatch and is implementing a multi-sig guarded replacement.
Stolen ETH and ERC-20 tokens were swapped for ETH via Uniswap and then split across multiple wallets. A portion was deposited into Tornado Cash for mixing. No CEX off-ramping has been confirmed. Aztec is working with blockchain analytics firms to trace the mixed funds. No recovery reported.