{"id":31896,"date":"2026-06-15T05:46:38","date_gmt":"2026-06-15T05:46:38","guid":{"rendered":"https:\/\/bitunikey.com\/news\/aztec-connect-loses-2-1m-after-old-contract-exploit\/"},"modified":"2026-06-15T05:46:45","modified_gmt":"2026-06-15T05:46:45","slug":"aztec-connect-loses-2-1m-after-old-contract-exploit","status":"publish","type":"post","link":"https:\/\/bitunikey.com\/news\/aztec-connect-loses-2-1m-after-old-contract-exploit\/","title":{"rendered":"Aztec Connect loses $2.1m after old contract exploit"},"content":{"rendered":"<p><\/p>\n<div class=\"post-detail__content blocks\">\n<p class=\"is-style-lead\">Aztec Connect, a deprecated DeFi bridge linked to the privacy-focused Aztec ecosystem, was exploited on Sunday after an attacker drained about $2.1 million from an old Ethereum smart contract.<\/p>\n<div id=\"cn-block-summary-block_814e33fc4ae0d9b453f885cd42a03388\" class=\"cn-block-summary\">\n<div class=\"cn-block-summary__nav tabs\">\n        <span class=\"tabs__item is-selected\">Summary<\/span>\n    <\/div>\n<div class=\"cn-block-summary__content\">\n<ul class=\"wp-block-list\">\n<li>Aztec Connect\u2019s old contract lost $2.1m, while the current Aztec Network stayed unaffected, Aztec said.<\/li>\n<li>The attack used a verification mismatch, letting unbacked balances move through settlement on Ethereum records.<\/li>\n<li>DeFiLlama data shows June already has several hacks, led by Humanity Protocol and Syscoin losses.<\/li>\n<\/ul><\/div>\n<\/div>\n<p><!-- .cn-block-summary --><\/p>\n<p>Aztec Labs said on X that it was \u201cinvestigating a potential exploit affecting Aztec Connect.\u201d The team said about $2.1 million had moved from the platform\u2019s immutable contract, but added that current Aztec Network users and assets were not affected.<\/p>\n<p>The statement drew attention because Aztec Connect was no longer an active product. The platform was deprecated in March 2023 after Aztec Labs shifted work to the next version of its privacy network.<\/p>\n<figure class=\"wp-block-embed is-type-rich is-provider-x wp-block-embed-x\">\n<div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">We are investigating a potential exploit affecting Aztec Connect.  ~$2.1m was transferred from the immutable smart contract in transaction:<a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/t.co\/5WrfeR8bbJ\">https:\/\/t.co\/5WrfeR8bbJ<\/a><\/p>\n<p>Aztec Connect was deprecated 3 years ago. Aztec Labs holds no admin keys or control over the system; it cannot be\u2026<\/p>\n<p>\u2014 Aztec Labs (@AztecLabs_) <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/x.com\/AztecLabs_\/status\/2066175340926345555?ref_src=twsrc%5Etfw\">June 14, 2026<\/a><\/p><\/blockquote>\n<\/div>\n<\/figure>\n<p>    <!-- .cn-block-related-link --><\/p>\n<h2 class=\"wp-block-heading\"><strong>Old Aztec Connect funds stayed in the contract<\/strong><\/h2>\n<p>Aztec Connect had once allowed users to access DeFi through a privacy-focused ZK rollup. Deposits were halted when the system was phased out, and users had time to withdraw their funds from the old platform.<\/p>\n<p>Some assets remained in the contract. Crypto developer Param said the contracts later became \u201cfully immutable\u201d and could no longer be upgraded or paused. Aztec Labs also said it holds no admin keys or control over the old system.<\/p>\n<figure class=\"wp-block-embed is-type-rich is-provider-x wp-block-embed-x\">\n<div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">How $2.1M got drained from Aztec Connect:<\/p>\n<p>\u2013 Aztec Connect was a privacy based zkRollup on Ethereum<\/p>\n<p>\u2013 Aztec Labs shut it down in 2023 to focus on newer tech<\/p>\n<p>\u2013 Users were given over a year to withdraw their funds<\/p>\n<p>\u2013 In 2024, Aztec gave up control of the system and removed admin\u2026 <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/t.co\/O0WiYOI4nY\">pic.twitter.com\/O0WiYOI4nY<\/a><\/p>\n<p>\u2014 Param (@Param_eth) <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/x.com\/Param_eth\/status\/2066198088168227031?ref_src=twsrc%5Etfw\">June 14, 2026<\/a><\/p><\/blockquote>\n<\/div>\n<\/figure>\n<p>Unlike a live protocol, the old Aztec Connect system had no operator able to pause activity. That made the response depend on public warnings, tracing, and checks by remaining affected users online.<\/p>\n<p>That setup left no simple way to stop the exploit once the attacker found the path. The old code still lived on Ethereum, and the contract still held funds, even though the product had been abandoned.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Security firms explain the attack<\/strong><\/h2>\n<p>BlockSec\u2019s Phalcon team <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/x.com\/Phalcon_xyz\/status\/2066372401198502083\" target=\"_blank\" rel=\"nofollow\">said<\/a> the attack targeted Aztec Connect\u2019s RollupProcessorV3 contract on Ethereum. The firm said losses exceeded $2.15 million after suspicious activity hit the contract.<\/p>\n<p>According to BlockSec, the issue involved a mismatch between how transactions were verified and how they were settled on Ethereum. In simple terms, the proof system and the settlement logic did not read the transaction list in the same way.<\/p>\n<p>That gap allowed the attacker to create balances that were not backed by valid value on Ethereum. The attacker then withdrew those balances. The same pattern was repeated seven times across several assets.<\/p>\n<p>CertiK data shared on X listed the stolen assets as including 909 ETH, around 270,000 DAI, 167 wrapped staked ETH, and smaller amounts of other tokens. Param also said the attacker funded the wallet through Tornado Cash before the exploit.<\/p>\n<figure class=\"wp-block-embed is-type-rich is-provider-x wp-block-embed-x\">\n<div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\"><a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/x.com\/hashtag\/CertiKInsight?src=hash&amp;ref_src=twsrc%5Etfw\">#CertiKInsight<\/a> \ud83d\udea8<\/p>\n<p>We have detected a suspicious transaction that drained <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/x.com\/aztecnetwork?ref_src=twsrc%5Etfw\">@aztecnetwork<\/a> Router contract of ~$2.19M by 0x0f18d8b44a740272f0be4d08338d2b165b7edd17 on Ethereum.<a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/t.co\/MizKXnEkTM\">https:\/\/t.co\/MizKXnEkTM<\/a><\/p>\n<p>Stay Vigilant! <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/t.co\/iUYMtenQYY\">pic.twitter.com\/iUYMtenQYY<\/a><\/p>\n<p>\u2014 CertiK Alert (@CertiKAlert) <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/x.com\/CertiKAlert\/status\/2066156825666543871?ref_src=twsrc%5Etfw\">June 14, 2026<\/a><\/p><\/blockquote>\n<\/div>\n<\/figure>\n<h2 class=\"wp-block-heading\"><strong>June hack losses keep rising<\/strong><\/h2>\n<p>The Aztec Connect exploit adds to another active month for DeFi security incidents. DeFiLlama\u2019s hacks tracker <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/defillama.com\/hacks\" target=\"_blank\" rel=\"nofollow\">shows<\/a> several June losses, including $30 million from Humanity Protocol on June 8 and $8 million from Syscoin Bridge on June 7.<\/p>\n<p>As previously reported by crypto.news, Humanity Protocol said more than $36 million was stolen after attackers compromised administrative keys linked to its bridge infrastructure across Ethereum and BNB Smart Chain.<\/p>\n<p>Crypto.news also reported that hack losses fell to $68.3 million in May, down nearly 90% from April. Still, CertiK said code flaws caused about $45 million of May\u2019s losses, making them the largest attack path for that month.<\/p>\n<p>The Aztec case shows why old DeFi contracts remain part of the security map. Even when a product is discontinued, any funds left in immutable contracts can still draw attackers years later.<\/p>\n<p>    <!-- .cn-block-related-link --><\/p><\/div>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Aztec Connect, a deprecated DeFi bridge linked to the privacy-focused Aztec ecosystem, was exploited on Sunday after an attacker drained about $2.1 million from an old Ethereum smart contract. Summary&hellip;<\/p>\n","protected":false},"author":1,"featured_media":29669,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-31896","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cryptocurrency"],"_links":{"self":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/31896","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/comments?post=31896"}],"version-history":[{"count":1,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/31896\/revisions"}],"predecessor-version":[{"id":31897,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/31896\/revisions\/31897"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/media\/29669"}],"wp:attachment":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/media?parent=31896"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/categories?post=31896"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/tags?post=31896"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}