The abandoned protocol Aztec Connect was hacked again. As security specialists from BlockSec Phalcon and SlowMist reported, on June 18 an attacker withdrew about another $2.2 million from it. This is already the second blow to the protocol in a week after the attack on June 14.
This time the hacker stole 1,158 ETH, 150,000 DAI, and about 0.47 of a renBTC token. The attack is in many ways similar to the previous one but was aimed at a different pool of funds and carried out through a different entry point.
Want more exclusive news and analytics? Subscribe to our Telegram channel, discuss the news and share your opinions on the latest market events in the chat!
How the repeat hack happened
The vulnerability was in a function called escapeHatch. Usually such a mechanism is needed so that users can withdraw their funds directly if the main system has stopped working. The problem is that this function turned out to have no access-rights check — effectively the door was open to anyone.
To put it simply, the system was supposed to verify whether the person actually owns the funds they are trying to withdraw. But because of an error in the code this procedure could be bypassed: the attacker essentially presented a fake "proof" of ownership of the assets, and the contract believed them, handing over other people's cryptocurrencies.
A curious detail: the vulnerable mechanism itself had long been removed by the developers from the main code. However, the contract deployed on the network still contained the old verifying module, and this turned out to be enough for the attack to work. In essence the breach had waited for its hour for years in code that everyone considered inactive.
Why it was impossible to stop the attack
The root of the problem is that Aztec Connect is a long-abandoned product. The protocol was a bridge for private operations in decentralized finance (DeFi) on the Ethereum blockchain, but it was decommissioned back in 2023 when the team switched to a new network.
Source: BeInCrypto
Новости в мире криптовалют
Random quote about money
"Деньги - самое абстрактное и "безличное" из всего того, что существует в жизни людей."
Interesting posts in other sections of the blog
* to search the proxy database, just enter a country name, e.g. Russia, USA, Thailand