Aztec Network hit by second hack this week as escapeHatch drained of $2M

A duo of hacks on old Aztec Network contracts, reportedly caused by "public input binding issues" has netted a total of $4M this week. The post Aztec Network hit by…

Jake Harrison · 18 Jun 2026 · 3 min read

Wire content from Protos

Aztec Network has been hit by another $2 million hack, its second this week.

Following Sunday’s $2.2 million loss from Aztec Connect, Aztec’s Private Rollup Bridge has now been drained of a similar amount.

The firm stressed, in both cases, that the affected contracts are “immutable” and were “deprecated” in 2022 and 2023.

Today’s incident brings the tally of bridge-related exploits this year to 14, with over $340 million lost in total.

We are investigating a potential exploit affecting a deprecated Aztec payments product from 2021. ~$2m was transferred from the immutable smart contract in transaction:https://t.co/FS4JoNnfiJ

The deprecated product is an immutable stage 2 rollup that was sunset in 2022.…

— Aztec Labs (@AztecLabs_) June 18, 2026

Security researcher Vishal Singh was first to flag the loss, which targeted the escapeHatch function of Aztec’s Private Rollup Bridge. The escapeHatch is an emergency measure which allows users to withdraw assets held on the rollup directly from Ethereum.

Yu Xian, founder of blockchain security firm SlowMist lists three suspicious transactions draining the Private Rollup Bridge. In all, around $2.15 million was drained as 1,158 ether, 150,000 DAI and 0.5 renBTC.

He explains that, during the brief windows the hatch was “open,” anyone could trick the escapeHatch function into releasing the RollupProcessor-held funds by setting specific proofId and publicOutput parameters.

Double trouble

According to analysis from BlockSec, both Sunday’s and Thursday’s incidents, while not identical, were caused by “public input binding issues.”

Aztec connect (old version that is deprecated but still had tvl) looks hacked

Tornado funded wallet drained a few milly in farming and yield bearing tokens

don’t keep money in old contracts thanks for your attention to this matter

— Togbe (@Togbe0x) June 14, 2026

The attack targeted Aztec’s RollupProcessorV3 contract, draining approximately $2.15 million of assorted crypto tokens.

DeFi protocols have faced a worrying tidal wave of attacks in recent months.

The hit rate appears to have dropped off somewhat in recent weeks, but the community braced itself for Anthropic’s Mythos release last week.

In the end, it turned out the model’s cybersecurity capabilities had been heavily “nerfed.”

Got a tip? Send us an email securely via Protos Leaks. For more informed news and investigations, follow us on X, Bluesky, and Google News, or subscribe to our YouTube channel.

This article originally appeared on Protos. Read the full article at the source: https://protos.com/aztec-network-hit-by-second-hack-this-week-as-escapehatch-drained-of-2m/