Aztec Bridge Hack 2026: ZK Proof Vulnerabilities

Key Takeaways:
  - Two separate Aztec bridge exploits in June 2026 drained a combined ~$4.26M: $2.1M from Aztec Connect on June 14, and $2.16M from a legacy rollup bridge within days, according to Halborn's post-mortem.
  - The Aztec Connect hack exploited two discrete ZK circuit bugs, a 68-bit top-limb overflow constraint and an unconstrained remainder variable, which together enabled arbitrary value generation without valid proof of asset ownership.
  - The second hack targeted an emergency "escape hatch" withdrawal function that trusted tampered transaction data without independently verifying asset ownership on L1.
  - Aztec Connect had been officially deprecated since March 2023; the contract sat exploitable on-chain for over 3 years before attackers struck, illustrating what can be called the "Ghost Ship Problem" of immutable legacy code.
  - As of June 15, 2026, 100% of the stolen $2.1M from the Connect hack remained untouched in attacker EOA 0x0F18D8b44a740272f0be4d08338d2b165b7EdD17, with Aztec Labs unable to intervene due to immutable contract design.


Background: What Was Aztec Connect?

The Aztec bridge hack 2026 exposed critical vulnerabilities in zero-knowledge proof circuits. Zero-knowledge proofs are supposed to make blockchain protocols more secure — mathematically verifiable, trust-minimized, and resistant to manipulation. So when two exploits hit Aztec's bridge infrastructure in a single week during June 2026, the crypto security community had to confront an uncomfortable reality: a ZK proof is only as strong as the constraints that define it.

To understand the vulnerabilities, you need to understand what Aztec Connect was at the protocol level. Aztec Connect was a ZK-rollup bridge that allowed Ethereum users to interact with L1 DeFi protocols — Curve, Lido, Element Finance, and others — while maintaining privacy. Transactions were batched into rollup blocks, a SNARK proof (specifically a PLONK-based proof) was generated over the batch, and the proof was verified on-chain by an L1 smart contract before any state settlement occurred.

Aztec Labs officially deprecated Aztec Connect in March 2023, pivoting development resources to the next-generation Aztec Network with its new proving system, Chonk. But "deprecated" in smart contract terms doesn't mean "deactivated." The contracts remained live on Ethereum mainnet, holding user funds in a state of suspended animation — unpatched, unmonitored, and fully exploitable. That 3-year window between deprecation and exploitation is one of the most important data points in this entire incident.

What Happened in June 2026?

On June 14, 2026, an attacker drained the Aztec Connect Router Contract of approximately $2.1M in assets, according to Halborn's incident analysis. The stolen assets comprised 909 ETH, 270,000 DAI, and 167 wstETH.

Within days of the first attack, a second exploit hit a separate legacy rollup bridge, stealing an additional $2.16M: 1,158 ETH, 150,000 DAI, and 0.47 renBTC. Total losses across both attacks: approximately $4.26M in under one week, per reporting by KuCoin News.

Aztec Labs confirmed publicly that the current Aztec Network and the AZTEC ERC-20 token were entirely unaffected. The legacy Router Contract, however, was completely drained. And because the contracts were designed for full immutability — no admin keys, no upgrade proxies, no pause functions — Aztec Labs could not intervene in any form.

As of June 15, 2026, the entire $2.1M from the first hack remained untouched in attacker EOA 0x0F18D8b44a740272f0be4d08338d2b165b7EdD17 — a cold trail, no mixer interaction, no movement. The two hacks exploited completely different vulnerabilities, revealing distinct failure modes in ZK bridge design.

Bug #1: The 68-Bit Top Limb Overflow

ZK circuits operate on field elements — large integers within a finite field — and computations must stay within defined bounds. When a protocol needs to represent a large value (say, an ETH amount) inside a circuit, it often decomposes that value into smaller "limbs" that are easier to range-check and constrain within the circuit.

Aztec Connect's arithmetic circuits decomposed values into 4 limbs of 68 bits each. The full value was reconstructed as:

value = limb[0] + limb[1]·(2^68) + limb[2]·(2^136) + limb[3]·(2^204)

The vulnerability: the top limb, limb[3], was range-constrained to 68 bits like the other three, when the reconstruction formula required a much tighter bound. The three lower limbs already occupy 204 bits, so a 68-bit top limb admits integers of up to 272 bits, while the scalar field the proof is verified over (BN254, the only curve with Ethereum pairing precompiles, roughly 254 bits) cannot represent them. Once limb[3] exceeds roughly 2^49, limb[3]·(2^204) plus the lower limbs can pass the field modulus, and the reconstruction silently wraps.

A malicious prover could supply a value for limb[3] that, after multiplication and modular reduction, wrapped around the field and produced a different reconstructed value than intended. The circuit would accept this as valid — the constraint was satisfied — but the resulting value would not correspond to any legitimate user balance. The attacker could craft a ZK proof that the circuit would verify as correct, while the encoded withdrawal amount was inflated beyond anything they had deposited. The L1 smart contract, seeing a valid proof, released the corresponding funds.

This is a textbook range constraint insufficiency bug — analogous to validating that each digit of a number is between 0 and 9, but forgetting to check that the full number doesn't exceed the maximum allowed value after carries are applied.
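The following Python is an added example, not Aztec's code or anything from Halborn's report. It models the limb reconstruction over the BN254 scalar field (assumed, since that is the field Ethereum's pairing precompiles verify) and shows the concrete consequence of a 68-bit top-limb bound: for any honest amount there is a second limb vector, built by adding the modulus to the integer and re-splitting it, that passes every 68-bit range check and reconstructs to the same field element. The representation is therefore not unique, and anything the circuit later derives from the limbs rather than the field value can disagree with what was "proven". The hardened check bounds the top limb to 49 bits so the integer is always below 2^253 < p and no wraparound is possible; the bit widths and function names are mine.

```python
# Added example (not Aztec code): why a 68-bit range check on the top limb is
# insufficient when 4 x 68 bits exceeds the field size.
# Assumption: the circuit works over the BN254 scalar field (Ethereum-verified PLONK).
P = 21888242871839275222246405745257275088548364400416034343698204186575808495617
LIMB_BITS = 68
N_LIMBS = 4
LIMB_MASK = (1 << LIMB_BITS) - 1


def decompose(value: int) -> list[int]:
    """Split a non-negative integer into four 68-bit limbs, little-endian."""
    assert 0 <= value < (1 << (LIMB_BITS * N_LIMBS))
    return [(value >> (LIMB_BITS * i)) & LIMB_MASK for i in range(N_LIMBS)]


def range_checks_pass(limbs: list[int], top_limb_bits: int) -> bool:
    """The circuit's range constraints: lower limbs < 2^68, top limb < 2^top_limb_bits."""
    lower_ok = all(0 <= limb <= LIMB_MASK for limb in limbs[:-1])
    top_ok = 0 <= limbs[-1] < (1 << top_limb_bits)
    return lower_ok and top_ok


def reconstruct_mod_p(limbs: list[int]) -> int:
    """value = limb[0] + limb[1]*2^68 + limb[2]*2^136 + limb[3]*2^204, reduced mod P,
    which is what field arithmetic inside the circuit does implicitly."""
    return sum(limb << (LIMB_BITS * i) for i, limb in enumerate(limbs)) % P


def forge_alias(limbs: list[int]) -> list[int]:
    """Malicious prover: add P to the integer value and re-split it into limbs.
    The field sees the same element; the limbs (and the integer) are different."""
    value = sum(limb << (LIMB_BITS * i) for i, limb in enumerate(limbs))
    return decompose(value + P)


def demo(amount_wei: int) -> dict[str, bool]:
    """Compare the honest decomposition with its alias under both top-limb bounds."""
    honest = decompose(amount_wei)
    forged = forge_alias(honest)
    return {
        "honest_passes_68": range_checks_pass(honest, 68),
        "forged_passes_68": range_checks_pass(forged, 68),   # the bug: alias accepted
        "same_field_element": reconstruct_mod_p(honest) == reconstruct_mod_p(forged),
        "honest_passes_49": range_checks_pass(honest, 49),
        "forged_passes_49": range_checks_pass(forged, 49),   # the fix: alias rejected
    }


if __name__ == "__main__":
    print(demo(909 * 10**18))  # 909 ETH in wei, one of the stolen amounts
```

The 49-bit bound works because (2^49 - 1)·2^204 + (2^204 - 1) = 2^253 - 1, which is below the BN254 modulus, so the map from limbs to integers never wraps; the forged vector always has a top limb of at least p >> 204 (about 2^49.6) and fails it.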

Bug #2: The Unconstrained Remainder

The second bug operated at a higher level of abstraction — in the proportional accounting logic for multi-user rollup batches. When multiple users withdraw from a shared rollup state in a single batch, Aztec Connect used the following formula to calculate individual user outputs:

user_output × total_input + remainder = total_output × user_input

This is a proportionality check: your output should be your share of total_input applied to total_output. The remainder term absorbs the rounding of integer division, because a circuit over a finite field has no native integer division; the prover supplies the quotient (user_output) and the remainder as witnesses and the circuit checks that they recombine correctly.

The vulnerability: the remainder variable had zero range constraints applied to it. In a properly constrained circuit, the remainder would be bounded to [0, total_input - 1] — the maximum valid rounding error. Instead, the remainder was left as a free variable.

A free variable in a ZK circuit is essentially a wildcard: the prover can set it to any value they want, and the circuit will accept it as satisfying the constraint. With an unconstrained remainder, the attacker could choose an arbitrary (inflated) user_output value, compute a remainder that makes the equation balance for that inflated output, generate a valid ZK proof with these forged parameters, and submit it. The L1 verifier accepts it; funds are released.

Critically, this bug meant there were multiple valid witnesses for one set of public inputs. A legitimate withdrawal and an inflated withdrawal could both satisfy the circuit; the constraints did not uniquely bind the output to the correct value. The two bugs are independent, so an attacker could use either on its own or both together to extract multiples of their deposited value.
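As an added example (not Aztec's circuit or anything from the post-mortem), the Python below models the proportionality constraint exactly as a SNARK verifier would see it, an equation over the BN254 scalar field (assumed), first with the remainder free and then with the missing range constraint. It also counts how many distinct user_output values are accepted for the same public inputs, which is the "multiple valid witnesses" point in concrete numbers. The pool sizes are small constructed integers, not incident data.

```python
# Added example (not Aztec code): the proportional-share constraint
#   user_output * total_input + remainder == total_output * user_input   (mod P)
# with the remainder (a) left free, as in the bug, and (b) range-checked.
# Assumption: arithmetic over the BN254 scalar field.
P = 21888242871839275222246405745257275088548364400416034343698204186575808495617


def constraint_holds(user_output: int, total_input: int, remainder: int,
                     total_output: int, user_input: int) -> bool:
    """Exactly what the SNARK verifier enforces: the field equation, nothing more."""
    lhs = (user_output * total_input + remainder) % P
    rhs = (total_output * user_input) % P
    return lhs == rhs


def remainder_in_range(remainder: int, total_input: int) -> bool:
    """The missing constraint: the only legal rounding error is 0 <= r < total_input."""
    return 0 <= remainder < total_input


def honest_witness(total_input: int, total_output: int, user_input: int) -> tuple[int, int]:
    """Honest prover: integer division yields the output and the remainder."""
    user_output, remainder = divmod(total_output * user_input, total_input)
    return user_output, remainder


def forged_witness(total_input: int, total_output: int, user_input: int,
                   desired_output: int) -> tuple[int, int]:
    """Malicious prover: choose the payout first, then solve for the remainder that
    balances the equation in the field. With no range check one always exists."""
    remainder = (total_output * user_input - desired_output * total_input) % P
    return desired_output, remainder


def accepted(witness: tuple[int, int], total_input: int, total_output: int,
             user_input: int, check_range: bool) -> bool:
    """Verifier with (check_range=True) or without (False) the remainder bound."""
    user_output, remainder = witness
    ok = constraint_holds(user_output, total_input, remainder, total_output, user_input)
    if check_range:
        ok = ok and remainder_in_range(remainder, total_input)
    return ok


def count_accepted_outputs(total_input: int, total_output: int, user_input: int,
                           check_range: bool) -> int:
    """Number of distinct user_output values accepted for fixed public inputs.
    Free remainder: every candidate passes. Range-checked: exactly one does."""
    return sum(
        accepted(forged_witness(total_input, total_output, user_input, out),
                 total_input, total_output, user_input, check_range)
        for out in range(total_output + 1)
    )


if __name__ == "__main__":
    # Constructed pool: 1000 units in, 997 out after fees, attacker deposited 10.
    print(honest_witness(1000, 997, 10))                      # (9, 970)
    whole_pool = forged_witness(1000, 997, 10, 997)
    print(accepted(whole_pool, 1000, 997, 10, check_range=False))  # True: drains the pool
    print(accepted(whole_pool, 1000, 997, 10, check_range=True))   # False
    print(count_accepted_outputs(1000, 997, 10, False), count_accepted_outputs(1000, 997, 10, True))
```

The forged remainder is the field negation of a large integer, so it is enormous as an integer but satisfies the equation modulo P; the range check is what turns "the equation balances" into "the output is the floor of the true share".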

The Second Hack: Escape Hatch Exploitation

The second exploit targeted a different contract — a legacy rollup bridge — using a fundamentally different attack vector. This one didn't require sophisticated circuit manipulation. It exploited a poorly secured emergency withdrawal function, sometimes called an "escape hatch."

Escape hatches are a standard design pattern in ZK rollups. The concept is sound: if the sequencer goes offline or becomes malicious, users should be able to force-withdraw their funds directly from the L1 contract without waiting for a new rollup block. This mechanism is a critical liveness guarantee.

The implementation failure here was architectural: the escape hatch function trusted submitted transaction data without independently verifying asset ownership on L1. Under normal (legitimate) conditions, the transaction flow worked like this:

  1. User submits an escape hatch withdrawal request to the L1 bridge contract
  2. Contract checks that the submitted proof corresponds to a valid L2 state
  3. Contract releases funds to the specified recipient

The flaw: step 2's verification was insufficient. The contract checked that the submitted data looked like a valid withdrawal proof but did not independently confirm that the withdrawing address actually controlled the claimed L2 balance. An attacker could submit tampered withdrawal proofs — proofs that passed the surface-level format check but referenced assets they didn't own — and the contract would release those assets, per KuCoin's incident report.

This is a verification-settlement binding failure at the emergency path level. Escape hatch functions are frequently written as simplified code paths — intentionally stripped-down to remain functional even if the main proof system is compromised. That simplification created a security hole wide enough to drain the contract, demonstrating why emergency withdrawal logic requires as much rigor as primary code paths.
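The Python below is an added example, not the code of the exploited bridge, showing the two escape-hatch designs side by side. It assumes the last verified rollup block committed a Merkle root over (owner, asset, amount) leaves, that sha256 stands in for keccak256, and that the claimant is identified by the transaction sender (here `caller`). The vulnerable hatch checks only the shape of the claim; the hardened one requires the caller to be the leaf owner and the exact leaf to be included under the verified root, so reusing someone else's proof or editing the amount both fail.

```python
# Added example (not Aztec code): format-only vs state-bound escape hatch.
# Assumptions: sha256 in place of keccak256; leaf = H(owner || asset || amount);
# sorted-pair Merkle tree; caller = msg.sender.
import hashlib
from dataclasses import dataclass


def H(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()


def leaf(owner: bytes, asset: bytes, amount: int) -> bytes:
    return H(owner, asset, amount.to_bytes(32, "big"))


def merkle_root(leaves: list[bytes]) -> bytes:
    """Sorted-pair Merkle tree; odd layers duplicate the last node."""
    level = list(leaves)
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        level = [H(*sorted((level[i], level[i + 1]))) for i in range(0, len(level), 2)]
    return level[0]


def merkle_proof(leaves: list[bytes], index: int) -> list[bytes]:
    """Sibling path for leaves[index], bottom-up."""
    level, proof = list(leaves), []
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        proof.append(level[index ^ 1])
        level = [H(*sorted((level[i], level[i + 1]))) for i in range(0, len(level), 2)]
        index //= 2
    return proof


def verify_proof(root: bytes, lf: bytes, proof: list[bytes]) -> bool:
    node = lf
    for sibling in proof:
        node = H(*sorted((node, sibling)))
    return node == root


@dataclass
class Claim:
    owner: bytes
    asset: bytes
    amount: int
    proof: list[bytes]


def vulnerable_escape_hatch(claim: Claim, caller: bytes) -> bool:
    """Checks that the claim *looks* like a withdrawal. `caller` is never consulted
    and the proof is never checked against any root: that is the bug."""
    return (len(claim.owner) == 20 and len(claim.asset) == 20 and claim.amount > 0
            and all(len(s) == 32 for s in claim.proof))


def hardened_escape_hatch(claim: Claim, caller: bytes, verified_root: bytes) -> bool:
    """Binds the payout to the caller owning the leaf and the exact
    (owner, asset, amount) leaf existing under the last verified state root."""
    if caller != claim.owner or claim.amount <= 0:
        return False
    return verify_proof(verified_root, leaf(claim.owner, claim.asset, claim.amount), claim.proof)


# Constructed sample state: three L2 balances committed by the last valid rollup block.
ALICE, BOB, CAROL = (bytes([i]) * 20 for i in (0xA1, 0xB0, 0xC5))
ETH = bytes(20)  # address(0) assumed to denote ETH
BALANCES = [(ALICE, ETH, 5 * 10**18), (BOB, ETH, 909 * 10**18), (CAROL, ETH, 1 * 10**18)]
LEAVES = [leaf(*b) for b in BALANCES]
ROOT = merkle_root(LEAVES)


def attacker_claims_bobs_balance() -> dict[str, bool]:
    """Alice (caller) replays Bob's genuine proof, then tries inflating her own amount."""
    steal = Claim(BOB, ETH, 909 * 10**18, merkle_proof(LEAVES, 1))      # real leaf, wrong caller
    inflate = Claim(ALICE, ETH, 500 * 10**18, merkle_proof(LEAVES, 0))  # real proof, edited amount
    honest = Claim(ALICE, ETH, 5 * 10**18, merkle_proof(LEAVES, 0))
    return {
        "vuln_steal": vulnerable_escape_hatch(steal, ALICE),
        "vuln_inflate": vulnerable_escape_hatch(inflate, ALICE),
        "hard_steal": hardened_escape_hatch(steal, ALICE, ROOT),
        "hard_inflate": hardened_escape_hatch(inflate, ALICE, ROOT),
        "hard_honest": hardened_escape_hatch(honest, ALICE, ROOT),
    }
```

A real contract would also mark the leaf as spent (nullifier) so the honest claim cannot be replayed, and would read `verified_root` from storage written only by the main proof-verification path; both are omitted here to keep the binding check itself in view.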

Three Systemic ZK Security Failures Exposed

Reading the two hacks together, three structural failure modes emerge that should inform every ZK bridge design going forward.

Failure #1: Partial Verification Is Not Verification

ZK proof verification must bind all transaction parameters, not just the high-level transaction header. Aztec Connect's L1 verifier checked that a valid SNARK proof existed for the batch but did not independently enforce that the settlement logic used the exact same transaction set committed in the proof's public inputs. This is the verification-settlement decoupling problem: if your L1 contract settles based on data that was only partially checked against the ZK proof, an attacker can inject data into the settlement layer that the proof never actually committed to. The proof verifies; the contract pays out the wrong amounts.

Failure #2: L1 Cannot Outsource Verification to the Circuit

A subtle but critical design principle: the L1 settlement contract must independently verify every public input slot committed in the ZK proof. You cannot assume the circuit correctly enforced all constraints just because the SNARK verifier returned true. Why? Because the SNARK verifier only checks that the prover knew a valid witness for the given circuit.

If the circuit itself has under-constrained variables (as in Bug #2 above), the SNARK verifier will happily return true for a malicious witness. The L1 contract needs a second layer of sanity checks — verifying that public outputs fall within expected ranges, that claimed balances are consistent with on-chain state, and that the settlement amounts match the committed proof data exactly.

Failure #3: Under-Constrained Circuits Are Silent Failures

This is perhaps the most dangerous failure mode in ZK engineering. An over-constrained circuit will reject valid proofs — a loud, obvious failure that gets caught in testing. An under-constrained circuit will accept invalid proofs silently — everything looks correct until an attacker finds the free variable. Standard unit tests and even many formal audits will miss under-constrained variables because test cases typically supply correct witnesses.

You need adversarial constraint analysis: explicitly attempting to find alternative valid witnesses for the same public inputs. Tools like 0xPARC's ZK Bug Tracker catalogue these failures across protocols, and the pattern recurs with alarming frequency in production ZK bridges.

The Ghost Ship Problem: Immutability as a Liability

There's a concept in ZK bridge security that this incident crystallizes perfectly, and it needs a name: the Ghost Ship Problem.

A Ghost Ship contract is a deprecated smart contract that continues to drift on-chain, holding real funds, with no crew — no developer team monitoring it, no ability to patch vulnerabilities, and no mechanism to evacuate assets when a threat is discovered. The contract is "dead" from a development standpoint but very much alive from an attacker's standpoint.

Aztec Connect's Ghost Ship timeline spans from March 2023 (official deprecation) to June 2026 (exploitation) — a 3+ year exposure window of unpatched, live attack surface. The immutability that makes smart contracts trustworthy — no admin can rug-pull users — is exactly what made remediation impossible here. According to the Bitcoin Foundation's coverage of the incident, Aztec Labs explicitly confirmed they could not intervene because the contracts were designed without upgrade or pause mechanisms.

This creates an uncomfortable design tension that every protocol must resolve deliberately: full immutability offers maximum trust minimization but zero remediation capability, while upgradeable proxy patterns enable emergency patching but introduce centralization risk. A middle ground involves timelocked admin powers with guardian multisigs — allowing emergency pauses while preserving transparency through mandatory delays. The Aztec incident argues strongly that "pure immutability" should not be the default for contracts holding significant user funds, especially ones with planned deprecation timelines.

A deprecation path should include a forced migration mechanism: a deadline after which the contract refuses new deposits, followed by a fixed window in which existing balances can still be withdrawn. If immutability is a design requirement, build the exit mechanism into the original contract. Ghost Ships are not inevitable; they are a planning failure.

Comparison: ZK Bridge Security Models

The Aztec exploits don't exist in isolation. ZK-based bridging is the frontier of cross-chain security research, and different protocols have made different tradeoffs. Here's how major approaches compare on the dimensions this incident exposed:

| Protocol / Approach | Verification Layer | Constraint Auditing | Emergency Withdrawal | Upgradeability | Legacy Contract Risk |
| --- | --- | --- | --- | --- | --- |
| Aztec Connect (legacy) | PLONK SNARK on-chain | Insufficient (bugs found post-hoc) | Escape hatch (exploited) | None (fully immutable) | Critical: 3-year exposure |
| Aztec Network (current) | Chonk proving system, client-side | Active development, Poseidon2 | Redesigned (not yet public) | TBD | Not applicable (new contracts) |
| StarkNet / StarkEx | STARK proof + on-chain verifier | Formal verification tools available | L1 escape hatch exists | Proxy upgradeable (timelocked) | Moderate: proxy mitigates |
| zkSync Era | Boojum STARK proof | Formal audit program | Priority queue mechanism | Upgradeable (governance delay) | Low: active migration paths |
| Teleswap (TeleBTC) | Bitcoin SPV light client proofs on L1 | Light client verification on EVM | Non-custodial by design | Non-custodial, no admin keys | Low: no wrapping custodian |
| WBTC | Custodian-based (BitGo) | N/A (trust-based) | Custodian intervention | Custodian controlled | Custodian risk, not contract risk |

The Teleswap row is worth unpacking in context here. Teleswap, built by TeleportDAO, takes a structurally different approach to cross-chain Bitcoin bridging: rather than wrapping BTC under a custodian (WBTC model) or using threshold signatures (tBTC model), it verifies Bitcoin transactions directly on the destination chain using SPV (Simplified Payment Verification) light client proofs. The security model is anchored to Bitcoin's own proof-of-work rather than to ZK circuit correctness — meaning it sidesteps the category of constraint-level bugs that hit Aztec entirely.

This distinction matters: trustless bridge risks manifest differently across models. For ZK-proof-based bridges like Aztec, the risk surface includes circuit logic bugs, constraint under-specification, and field arithmetic overflow. For SPV-based bridges like Teleswap's trustless Bitcoin to Ethereum bridge, the risk surface is instead dominated by miner-majority attacks, deep reorgs, and light-client synchronization (relayer) failures. Neither is universally superior, but the Aztec incident illustrates that ZK circuit bugs can be catastrophic in a way an SPV bridge, which has no arithmetic circuit to under-constrain, cannot be hit by.

Practical Lessons for Bridge Architects

If you're building or auditing a ZK-based bridge, the Aztec incident is a checklist of failure modes to test explicitly.

1. Adversarial Constraint Analysis Is Non-Negotiable

Standard audits test whether valid inputs produce valid outputs. ZK audits must additionally test whether invalid inputs can be made to produce valid proofs. Every variable in every circuit should have explicit range constraints. Every constraint should be checked for alternative satisfying witnesses. Tooling for this exists: inspecting a Circom --r1cs export with snarkjs (r1cs info, r1cs print), halo2's MockProver for unsatisfied or missing constraints, dedicated under-constraint detectors such as Veridise's Picus, and formal proofs in Lean or Coq should all be part of the audit pipeline. This adversarial approach to constraint testing is what separates secure ZK bridges from exploitable ones.

2. L1 Contract Logic Must Not Trust Circuit Outputs Blindly

After a SNARK verifier returns true, the L1 settlement contract should still validate all claimed withdrawal amounts fall within expected ranges, total outflows don't exceed the last verified on-chain balance, and public input slots match expected encoding (no padding or manipulation). Defense in depth: treat the ZK proof as one security layer, not the only security layer. Cross-chain bridges like Bitcoin bridges to Ethereum should implement independent verification at the settlement layer regardless of their primary proof model.
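The Python below is an added example (not Aztec's contract) of the settlement-side checks this section and Failure #2 above call for, modelled as the logic an L1 rollup contract would run after the SNARK verifier returns true. Assumptions are mine: public inputs are 32-byte words laid out as [count, (recipient, asset, amount) × count], addresses are 20 bytes left-padded with zeros, amounts are uint128 so the top 16 bytes of an amount word must be zero, and the contract keeps its own per-asset ledger of deposited value. The inflated batch reproduces the effect of Bug #2 (a proof-accepted output larger than the pool) and is caught by conservation rather than by the circuit.

```python
# Added example (not Aztec code): L1 settlement checks layered on top of a
# passing SNARK verification. Encoding and names are assumptions for the demo.
WORD = 32


class SettlementError(ValueError):
    pass


def decode_public_inputs(words: list[bytes]) -> list[tuple[bytes, bytes, int]]:
    """Strict decode: accept only the one canonical encoding of a batch."""
    if not words or any(len(w) != WORD for w in words):
        raise SettlementError("malformed word")
    count = int.from_bytes(words[0], "big")
    if len(words) != 1 + 3 * count:
        raise SettlementError("length does not match declared count")
    withdrawals = []
    for i in range(count):
        recipient, asset, amt = words[1 + 3 * i: 4 + 3 * i]
        # Addresses occupy the low 20 bytes, uint128 amounts the low 16; padding must be zero,
        # otherwise a decoder that reads only the low bytes sees a different value than the field does.
        if recipient[:12] != bytes(12) or asset[:12] != bytes(12) or amt[:16] != bytes(16):
            raise SettlementError("non-canonical padding in slot")
        amount = int.from_bytes(amt, "big")
        if amount == 0:
            raise SettlementError("zero amount")
        withdrawals.append((recipient[12:], asset[12:], amount))
    return withdrawals


def settle(proof_valid: bool, words: list[bytes], ledger: dict[bytes, int]) -> dict[bytes, int]:
    """Apply one verified batch against the contract's own ledger; returns the new ledger."""
    if not proof_valid:                          # layer 1: the SNARK verifier's verdict
        raise SettlementError("proof rejected")
    withdrawals = decode_public_inputs(words)    # layer 2: canonical public inputs
    outflow: dict[bytes, int] = {}
    for _, asset, amount in withdrawals:
        outflow[asset] = outflow.get(asset, 0) + amount
    for asset, total in outflow.items():         # layer 3: conservation against on-chain state
        if total > ledger.get(asset, 0):
            raise SettlementError("outflow exceeds held balance")
    new_ledger = dict(ledger)
    for asset, total in outflow.items():
        new_ledger[asset] -= total
    return new_ledger


def word_addr(addr20: bytes) -> bytes:
    return bytes(12) + addr20


def word_uint(n: int) -> bytes:
    return n.to_bytes(WORD, "big")


def encode_batch(withdrawals: list[tuple[bytes, bytes, int]]) -> list[bytes]:
    words = [word_uint(len(withdrawals))]
    for recipient, asset, amount in withdrawals:
        words += [word_addr(recipient), word_addr(asset), word_uint(amount)]
    return words


def try_settle(words: list[bytes], ledger: dict[bytes, int]):
    """Run settle() and report either the new ledger or the rejection reason."""
    try:
        return "ok", settle(True, words, ledger)
    except SettlementError as e:
        return "rejected", str(e)


# Constructed scenario: the contract holds 1000 units of ETH (address(0) assumed).
ETH = bytes(20)
ALICE = bytes([0xA1]) * 20
LEDGER = {ETH: 1000}

HONEST = encode_batch([(ALICE, ETH, 9)])
INFLATED = encode_batch([(ALICE, ETH, 997), (ALICE, ETH, 9)])  # 1006 > 1000 held: Bug #2's effect
TRUNCATED = HONEST[:-1]                                         # count says 1, only 2 words follow
PADDED = list(HONEST)
PADDED[3] = word_uint((1 << 200) | 9)                           # high bits set in a uint128 slot

if __name__ == "__main__":
    for name, batch in (("honest", HONEST), ("inflated", INFLATED),
                        ("truncated", TRUNCATED), ("padded", PADDED)):
        print(name, try_settle(batch, LEDGER))
```

None of these checks replaces the proof; they bound the damage a circuit bug can do to what the contract actually holds, which is the defense-in-depth the section asks for.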

3. Emergency Withdrawal Paths Need Full Security Review

Escape hatch functions are often written last, audited least, and exploited first. Any code path that bypasses the main proof verification system must be treated as a high-value attack surface. The Aztec escape hatch failure was not a ZK bug — it was a basic verification gap in a simplified code path. This teaches a critical lesson: emergency mechanisms are not "emergency shortcuts" — they demand equivalent rigor to primary code paths.

4. Deprecation ≠ Deactivation — Plan Your Sunset

Protocols must design explicit deprecation mechanisms before deploying contracts that will eventually need to be wound down. This means a deposit freeze at a specified timestamp, a withdrawal deadline during which existing balances can be claimed, and a sweep of any remaining funds to a designated safe address after the deadline. Do not plan that last step around SELFDESTRUCT: since the Cancun upgrade (EIP-6780) it still transfers the balance but no longer removes code or storage unless called in the contract's creation transaction, so the sunset step is an ordinary balance transfer. If immutability is a design requirement, the exit mechanism has to be in the original contract.

5. Value Decomposition Constraints Must Account for Field Arithmetic

The 68-bit limb overflow bug is a specific instance of a general failure: circuit designers must reason about values not just in isolation, but after all arithmetic operations applied to them. Overflow in a finite field is silent — there's no exception thrown. Every limb reconstruction, scaling operation, or modular reduction must be range-checked at the output, not just the input. When implementing Bitcoin to Ethereum swaps or other value transfers, ensure all arithmetic boundaries are explicitly constrained.

Frequently Asked Questions

What exactly is the Aztec bridge hack 2026?

The Aztec bridge hack 2026 refers to two separate exploits in June 2026 that drained approximately $4.26M from legacy Aztec bridge contracts on Ethereum. The first exploit, on June 14, 2026, targeted Aztec Connect and stole $2.1M (909 ETH, 270,000 DAI, 167 wstETH). The second, occurring within days, targeted a separate legacy rollup bridge and stole $2.16M. Both were legacy deployments that remained live and unpatched on-chain; Aztec Connect itself had been deprecated since March 2023, per Halborn's analysis.

What is a ZK proof vulnerability and how was it exploited here?

A ZK proof vulnerability is a flaw in the mathematical constraints of a zero-knowledge circuit that allows a malicious prover to generate a proof that verifies as valid while encoding false claims. In the Aztec Connect hack, two bugs were exploited: a 68-bit top limb overflow that allowed arbitrary value generation through malformed limb decomposition, and an unconstrained remainder variable in the proportional output formula that allowed attackers to freely set their withdrawal amount while still satisfying the circuit's equations.

Was the current Aztec Network affected by these hacks?

No — the current Aztec Network, its new proving system (Chonk), and the AZTEC ERC-20 token were entirely unaffected by either exploit. The vulnerabilities existed exclusively in legacy contracts from the original Aztec Connect architecture, which was deprecated in March 2023. Aztec Labs confirmed this publicly but also confirmed they could not recover the stolen funds due to the immutable design of the legacy contracts.

What is the "escape hatch" vulnerability in the second hack?

The escape hatch (or emergency withdrawal function) in the second hack failed to independently verify that withdrawal requesters actually controlled the claimed L2 assets. Escape hatches are designed to let users force-withdraw funds if the rollup sequencer goes offline, but this implementation only checked that submitted data looked like a valid withdrawal proof — not that the withdrawing address owned the claimed balance. Attackers submitted tampered withdrawal proofs that passed this surface-level check, causing the contract to release assets they didn't own.

What is the "Ghost Ship Problem" in smart contract security?

The Ghost Ship Problem refers to deprecated smart contracts that remain permanently deployed on-chain with no ability to patch vulnerabilities, monitor for threats, or evacuate funds — creating an indefinitely exploitable attack surface. Aztec Connect is a defining example: deprecated in March 2023 but not exploited until June 2026, representing a 3-year exposure window with no remediation possible due to full contract immutability. The problem is structural: the same immutability that makes contracts trustless also makes them unpatchable.

How do bridge security models like Teleswap's SPV approach differ from ZK-proof bridges?

SPV (Simplified Payment Verification) bridge models like Teleswap verify Bitcoin transactions using cryptographic proofs derived directly from Bitcoin's blockchain, anchoring security to proof-of-work rather than ZK circuit correctness. This means SPV bridges are structurally immune to ZK constraint bugs — there are no arithmetic circuits to under-constrain. The tradeoff is that SPV assumes an honest Bitcoin miner majority and requires sufficient block confirmations. ZK-proof bridges offer stronger programmability and potential for faster finality, but introduce circuit-level risk that requires adversarial constraint auditing to manage safely.

What should developers do to prevent ZK proof vulnerabilities in bridges?

Developers should implement adversarial constraint analysis, layer L1-side sanity checks on top of SNARK verification, and subject emergency withdrawal code paths to full security review. Specific measures include: explicit range constraints on every circuit variable with adversarial witness testing, L1 contract validation of output amounts even after proof verification succeeds, and escape hatch functions that independently verify asset ownership rather than trusting submitted data. Additionally, protocols must design formal deprecation mechanisms into contracts before deployment — a deposit freeze, withdrawal deadline, and fund drain path — to prevent Ghost Ship scenarios.

Conclusion

The Aztec bridge hacks of June 2026 are not a story about ZK proofs being fundamentally broken. They're a story about three compounding failures: under-constrained circuit arithmetic, insufficient L1-side verification, and a 3-year Ghost Ship sitting unguarded on Ethereum mainnet.

ZK proof vulnerabilities are uniquely dangerous because they fail silently. An over-constrained circuit loudly rejects valid transactions — you catch it in testing. An under-constrained circuit silently accepts invalid proofs — you catch it when $4.26M goes missing. That asymmetry demands a shift in how ZK bridges approach security: adversarial circuit testing, defense-in-depth at the settlement layer, and planned deprecation built into every contract from day one.

The broader lesson for cross-chain bridge security is that the attack surface is always larger than the happy path suggests. Emergency withdrawal functions, value decomposition arithmetic, L1/L2 boundary assumptions — every simplification is a potential exploit. The protocols that survive are the ones that treat their own code with the same adversarial mindset that an attacker brings. For Bitcoin bridge security specifically, compare how Bitcoin bridges to Ethereum handle these risks differently.

Explore more technical deep-dives on bridge security, ZK infrastructure, and trustless cross-chain design at Teleswap Academy. And if you're moving BTC cross-chain and want to understand how SPV light client verification compares to ZK-based trust models, explore Teleswap's trustless BTC bridge.
