Summary: Aztec Network attacked twice in 3 days – Hacker drains $2.21M in digital assets

Published: 5 days and 13 hours ago
Based on article from AMBCrypto

Aztec Network Suffers $2.2 Million Exploit via Emergency Withdrawal Flaw

The Aztec Network has fallen victim to a significant security breach resulting in the loss of approximately $2.21 million in digital assets. The exploit targeted a critical vulnerability within the protocol's emergency "escape hatch" mechanism, a feature designed as a failsafe for users that ultimately served as an entry point for an opportunistic attacker. This incident marks the second major blow to the network in less than a week, highlighting persistent concerns regarding the protocol's smart contract security.

The Failure of the Escape Hatch

The breach centered on the RollupProcessor.escapeHatch() function, which is intended to allow users to reclaim their funds if standard rollup operations cease to function. However, the function lacked fundamental security controls, including owner-only restrictions, rollup provider authorization, and essential signature verification. By exploiting a specific scenario where the rollupSize was set to zero, the attacker got the protocol's TurboVerifier contract to accept a fraudulent proof, bypassing the standard access controls meant to protect user capital.

Exploiting Proof Validation and Data Oversight

Once the fraudulent proof was accepted, the processDepositsAndWithdrawals() function executed the transfers based solely on manipulated public inputs provided by the hacker. The smart contract failed to perform independent checks to verify if the recipient was the rightful owner or if the withdrawal request aligned with actual user balances. This over-reliance on unverified proof data allowed the attacker to drain 1,158 ETH, 150,000 DAI, and 0.4696 renBTC. Coming just three days after a $2.19 million loss from the network's router contract, this latest exploit underscores a broader trend of escalating DeFi vulnerabilities in 2026.
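The gap described above, where a passing proof was the only gate on payouts, can be shown with a simplified model. This is an added example, not Aztec's contract code: the function names, the account names, the always-accepting verifier stub, the set of owner-authorised withdrawals (a stand-in for signature verification) and the rule that an empty rollup may not carry withdrawals are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Withdrawal:
    """One withdrawal taken from a proof's public inputs (simplified)."""
    owner: str       # account whose balance is debited
    recipient: str   # address that receives the funds
    amount: int

class SettlementError(Exception):
    pass

def verifier_accepts(proof: bytes, rollup_size: int) -> bool:
    # Assumption: models a verifier that has already been fooled.
    return True

def settle_trusting(proof, rollup_size, withdrawals):
    """'Before' model: a passing proof is the only gate on payouts."""
    if not verifier_accepts(proof, rollup_size):
        raise SettlementError("invalid proof")
    paid = {}
    for w in withdrawals:
        paid[w.recipient] = paid.get(w.recipient, 0) + w.amount
    return paid

def settle_checked(balances, authorised, proof, rollup_size, withdrawals):
    """Hardened model: the proof is necessary but not sufficient."""
    if rollup_size == 0 and withdrawals:
        raise SettlementError("empty rollup cannot carry withdrawals")
    if not verifier_accepts(proof, rollup_size):
        raise SettlementError("invalid proof")
    staged, paid = dict(balances), {}
    for w in withdrawals:
        if w not in authorised:   # stand-in for checking the owner's signature
            raise SettlementError(f"not authorised by {w.owner}")
        if staged.get(w.owner, 0) < w.amount:
            raise SettlementError(f"{w.owner} has insufficient balance")
        staged[w.owner] -= w.amount
        paid[w.recipient] = paid.get(w.recipient, 0) + w.amount
    balances.clear()
    balances.update(staged)       # commit only if every check passed
    return paid

if __name__ == "__main__":
    forged = [Withdrawal("alice", "mallory", 100)]   # constructed sample input
    print(settle_trusting(b"", 0, forged))
    try:
        settle_checked({"alice": 100}, set(), b"", 0, forged)
    except SettlementError as err:
        print("rejected:", err)
```

Even with the verifier stub accepting everything, the hardened path refuses the constructed forged withdrawal and leaves the ledger unchanged, because ownership and balance are checked independently of the proof.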
