Legacy Aztec infrastructure targeted again in a separate security incident.
Security researchers traced the exploit to legacy Aztec infrastructure
Photo Credit: Unsplash/Shubham Dhage
The second breach to hit Aztec's legacy architecture is taking place just days after the first one, raising even more worries regarding the security of such legacy smart contract infrastructure. The bridge to the private rollup service from the Aztec protocol was exploited on Thursday for 1,158 ETH, 150,000 DAI, and 0.46 RENBTC worth roughly $2.15 million (roughly Rs. 19.82 crore), reports Cos, co-founder of cybersecurity firm SlowMist. According to him, initial research suggests the hack occurred due to exploiting the fake rollup proof.
Aztec Labs confirmed the attack and further disclosed that $2 million (roughly Rs. 18.88 crore) was stolen through an immutable smart contract of a defunct payment product, launched back in 2022, in regard to which Aztec Labs did not hold any admin keys. The company also indicated that there was no link between the hack and the $2.1 million (roughly Rs. 19.82 crore) that was siphoned from the Aztec Connect smart contract on Sunday. Aztec Connect is a privacy-focused rollup that became deprecated back in March 2023 after Aztec stopped accepting deposits to focus on their next-generation platform, Aztec Network.
Aztec 似乎又被盗了,其 Private Rollup Bridge 0x737901bea3eeb88459df9ef1BE8fF3Ae1B42A2ba 有三笔可疑利用(总约 215 万美金):
1,158 ETH https://t.co/0sDIQYefVw
150,000 DAI https://t.co/0sGMwPqpkm
0.46963295 renBTC https://t.co/1v1yJjnTmH
资金主要都在:…
Although Aztec Connect was previously deprecated, the attacker managed to steal more than $2.1 million (roughly Rs. 19.82 crore) from the exploit as the immutable contract still possessed legacy assets from users, according to SlowMist. To protocols that possess deprecated contracts with legacy assets, SlowMist suggested an organised migration of assets to eliminate cybersecurity risks.
These two raids, along with the theft of $1.3 million (roughly Rs. 12.27 crore) dollars worth of cryptocurrency from Raydium, which occurred early in June, sparked worries about outdated smart contracts since these three attacks were caused by problems in abandoned infrastructure. “Old contracts continue to be bug bounties available to any hackers. With protocols removing their responsibility to maintain them, they can become even more tempting,” wrote risk analysis platform Blockful in an X post.
Another incident that occurred in May, when Echo Protocol, a decentralised finance (DeFi) protocol deployed on the Monad blockchain, was hacked after an attacker managed to mint around 1,000 unauthorised eBTC on the protocol. Blockchain analytics platform Lookonchain and security firm PeckShield observed that the hacker minted these eBTC worth around $76.7 million (roughly Rs. 724 crore). The attacker attempted to launder part of this loot by depositing 45 eBTC, worth around $3.45 million (roughly Rs. 32.56 crore), into the DeFi lending and liquidity management protocol Curvance.
Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.