Aztec’s Private Rollup Bridge suffered a security breach on June 18, 2026, resulting in the theft of roughly $2.2 million in crypto assets. The incident drained 1,158 ETH, 150,000 DAI, and 0.4696 renBTC from the bridge’s holdings. SlowMist, a blockchain security firm, identified the exploit and confirmed the loss amount.
Technical Failure Behind the Attack
The attacker targeted the RollupProcessor contract (address 0x737901…a2ba) by abusing the escapeHatch() function, which lacked essential access controls. Missing safeguards such as an onlyOwner modifier, rollup‑provider validation, and signature verification allowed the malicious actor to submit a falsified escape‑hatch proof. Under specific conditions, the contract accepted the proof without confirming the legitimacy of the withdrawal request.
Implications for Investors and the Crypto Market
Investors now face heightened risk exposure as dormant smart contracts continue to store valuable assets after migration to newer systems. The breach adds pressure on the broader crypto market, prompting stakeholders to reassess the security of legacy blockchain components. Ongoing scrutiny from firms like SlowMist underscores the need for robust safeguards to protect crypto holdings and maintain market confidence.