Aztec suffered a second breach within three days, with attackers siphoning roughly $2.5 million from the protocol’s Private Rollup Bridge due to a flaw in its escape‑hatch mechanism.
Mechanics of the Aztec Exploit
The more recent attack exploited a design oversight that let malicious actors trigger the bridge’s emergency exit function without proper verification. Earlier in the same week, a separate vulnerability surfaced when transaction counters diverged from the rollup data that the blockchain was meant to commit, exposing additional funds to theft. Both incidents underscore how intricate interactions between on‑chain contracts and off‑chain verification can open unexpected attack surfaces.
Broader Risks for Layer‑2 and Zero‑Knowledge Projects
Investors and developers now face heightened scrutiny as Layer‑2 solutions and zero‑knowledge architectures become prime targets for sophisticated exploits. The dual Aztec incidents illustrate that safeguarding complex blockchain ecosystems demands continuous audit of both smart contract code and the surrounding infrastructure. Market participants should monitor emerging security protocols that aim to seal gaps between decentralized applications and their underlying verification layers.
MEV Operator jaredfromsubway.eth Loses $15 Million
Ethereum MEV operator jaredfromsubway.eth reported a loss of approximately $15 million after an attacker rewrote the bot’s automated trading logic rather than exploiting a conventional smart contract bug. The intruder fabricated wrapped assets and manipulated liquidity pools to create a false sandwich opportunity, prompting the bot to grant permission for asset extraction. This novel attack vector highlights the need for robust access controls within crypto‑trading automation, as investors increasingly rely on algorithmic strategies for market participation.
