Aztec Network Exploited for $2.15M via ZK Proof–L1 Settlement Mismatch

Attacker declined the offered 50% bounty and routed stolen funds to Tornado Cash rather than returning them.

Exploit loss confirmed at $7.5M; mechanism identified as transaction approval trap; DeFi security risk framing added.

Attacker who executed the MEV bot reversal attack on jaredfromsubway.eth transferred a portion of the $7.5M exploit proceeds into Tornado Cash.

Aztec suffered a second exploit within the same week; Starknet AMM mySwap separately drained for $300K in a distinct incident on the same day.

SlowMist confirmed Aztec suffered a second exploit of approximately $2.1M within less than a week of the first $2.19M exploit, both attributed to deprecated contract vulnerabilities.

Additional reporting confirmed the Aztec Network exploit at $2.19M with SlowMist attributing it to a deprecated Aztec Connect contract, complementing the ZK proof mismatch root cause identified June 15.

VARA issued specific requirements for crypto firms to use data-driven risk models with mandatory quarterly updates, expanding on general AML tightening reported June 14.

Aztec Network suffered a $2.15M exploit with root cause confirmed as a ZK proof–L1 settlement mismatch, consistent with prior warnings about legacy DeFi contract risk.

CoinDesk specifically flagged AI-speed hackers as the next potential billion-dollar threat to crypto, building on prior AI exploit acceleration reporting.

A new report highlights AI systems actively accelerating the identification of DeFi attack vectors, adding a systematic threat dimension to the isolated exploit incidents reported previously.