Aztec Labs mentioned it’s investigating a possible exploit affecting a deprecated Aztec payments product from 2021.
Abstract
- Aztec Labs says about $2m moved from a deprecated 2021 payments product contract on Ethereum.
- The Aztec Basis says present contracts and AZTEC ERC20 token are unrelated to this incident.
- The brand new probe follows a separate Aztec Join exploit reported solely days earlier this week.
In an Aztec Labs post, the group mentioned about $2 million was transferred from an immutable sensible contract in an Etherscan transaction on June 17.
The corporate mentioned the affected product was an “immutable stage 2 rollup” that was sundown in 2022. It additionally mentioned Aztec Labs holds no admin keys or management over the system, that means it can not pause or improve the old contract.
Basis says present community is separate
The Aztec Basis mentioned it was made conscious of the doable exploit on June 17. In a Foundation post, it mentioned there are “no hyperlinks” between the deprecated product and any sensible contracts tied to the present community or the AZTEC ERC20 token.
The muse additionally mentioned the product was deprecated 4 years in the past and that Aztec Labs now not controls the system. It directed customers to Aztec Labs for updates because the group critiques the transaction and the affected contract.
Second old-product incident in days
Aztec Labs mentioned the most recent case is separate from the June 14 exploit involving Aztec Join, one other deprecated product. As beforehand reported by crypto.information, Aztec Connect lost $2.1 million after an old immutable sensible contract was exploited.
Based on an earlier crypto.information report, the Aztec Connect attack concerned a verification mismatch that allow unbacked balances transfer by way of Ethereum settlement information. Safety companies later traced the problem to an old RollupProcessorV3 contract.
Old immutable contracts stay a threat
The brand new case once more factors to an issue dealing with discontinued DeFi merchandise. Even after a product shuts down, its contracts can stay reside on Ethereum. If funds keep inside immutable contracts, attackers should still search for paths to maneuver them.
That creates a tough response downside. A reside group could possibly warn customers and observe funds, however it might not be capable to cease an old contract that has no admin controls. Aztec Labs mentioned it’s going to share additional updates “sooner or later.”
For now, Aztec Labs and the Aztec Basis are drawing a transparent line between the old payments product and the present community. The primary declare from each teams is that the incident considerations a deprecated system, not the energetic Aztec community or the AZTEC token.
