Aztec Connect Exploited for $2.1 Million From Deprecated Contract
Aztec Connect Exploited for $2.1 Million – Deprecated Contract Vulnerability Exposed Three Years After Shutdown
Key Takeaways
- An attacker drained approximately $2.19 million from Aztec Connect on June 14 by exploiting a flaw in its proof verification logic.
- Blockchain security firm CertiK identified the suspicious transaction involving the Aztec Network Router contract on Ethereum.
- The Aztec Foundation stated that the incident does not affect the AZTEC ERC-20 token or the current Aztec network contracts.
- Aztec Connect was deprecated three years ago and cannot be paused or upgraded by Aztec Labs.
- The exploit adds to monthly DeFi losses of about $43.93 million, according to DeFiLlama.
Attack Targets Deprecated Aztec Connect Contract
On June 14, an attacker drained more than $2.1 million from Aztec Connect by exploiting a vulnerability in the platform’s proof verification logic. The suspicious transaction was flagged by blockchain security firm CertiK on X.
According to CertiK, the exploit involved the Aztec Network Router contract on Ethereum. The security firm reported that around $2.19 million was removed in a single transaction linked to a specific wallet address. CertiK described the incident as stemming from incomplete validation of submitted proof data within one of the contract’s functions.
Aztec Connect, which has been deprecated for three years, is no longer under the operational control of Aztec Labs. Despite its shutdown, the contract remained accessible on-chain, which allowed the attacker to interact with it.
Incomplete Proof Validation Enabled Manipulated Withdrawals
CertiK’s preliminary analysis indicates that the exploited contract function verified only the beginning portion of the submitted proof data. Other elements embedded within the same data structure, including token transfer instructions, may not have been fully checked.
This incomplete validation appears to have created a pathway for the attacker to manipulate withdrawal logic. By embedding unauthorized transfer instructions in parts of the proof data that were not properly verified, the attacker was able to execute withdrawals that resulted in the loss of approximately $2.19 million.
The details shared so far focus specifically on the technical verification process within the deprecated contract. No additional vulnerabilities have been reported in relation to the current Aztec infrastructure.
Aztec Foundation: No Impact on Current Network or AZTEC Token
Following the alert from CertiK, the Aztec Foundation confirmed that it had been notified of a potential exploit involving Aztec Connect. In a public statement, the foundation clarified that the incident does not affect the AZTEC ERC-20 token or any smart contracts associated with the current Aztec network.
The foundation emphasized that Aztec Connect was deprecated three years ago. As a result, Aztec Labs no longer maintains control over the system. The organization further stated that it does not hold administrative keys for the deprecated contract and has no ability to pause or upgrade it.
Aztec Labs confirmed that an active investigation is underway. However, the team reiterated that it cannot intervene technically, given the absence of administrative control mechanisms over the legacy system.
Part of Broader Wave of DeFi Exploits in June
The Aztec Connect incident occurred shortly after another exploit on the Solana network. In that case, attackers drained approximately $1.3 million from five legacy liquidity pools associated with Raydium.
According to data cited from DeFiLlama, exploits recorded this month have collectively resulted in losses of around $43.93 million. The Aztec Connect case contributes more than $2 million to that monthly total.
Both the Aztec Connect and Raydium incidents involved legacy or older components. In the Raydium case, the targeted liquidity pools were described as legacy pools. In the Aztec case, the exploited system had been deprecated for three years.
For users interacting with decentralized finance protocols, these incidents highlight that older or discontinued contracts can remain accessible on-chain even after active development and support have ceased.
Relevance for Crypto Platform Users and Risk Monitoring
For users of crypto-based platforms, including those evaluating payment infrastructure in sectors such as crypto betting and iGaming, smart contract integrity remains a central consideration. Even when a product or service is no longer actively supported, its contracts may continue to exist on public blockchains.
In this case, the Aztec Foundation made clear that the current Aztec network and the AZTEC ERC-20 token were not affected. The vulnerability was isolated to Aztec Connect, a deprecated component outside the operational control of Aztec Labs.
Security monitoring firms such as CertiK play a role in detecting and publicly flagging suspicious on-chain transactions. Their alerts often provide the first indication of irregular contract interactions before official statements are released by affected teams.
Our Assessment
The June 14 exploit resulted in approximately $2.19 million being drained from a deprecated Aztec Connect contract due to incomplete proof validation. The Aztec Foundation confirmed that the current Aztec network and AZTEC ERC-20 token were not impacted and that Aztec Labs has no administrative control over the legacy system. The incident adds to nearly $43.93 million in DeFi-related losses recorded this month, as reported by DeFiLlama, and follows a separate $1.3 million exploit involving legacy liquidity pools on Raydium.
