
Aztec Connect, a deprecated DeFi bridge tied to the privacy-focused Aztec ecosystem, was exploited on Sunday after an attacker drained about $2.1 million from an older Ethereum smart contract.
Aztec Labs said it was investigating a potential exploit affecting Aztec Connect. In a statement posted on X, the company said approximately $2.1 million had been transferred from the platform’s immutable contract, while current Aztec Network users and assets were not affected.
Aztec Connect was deprecated in March 2023 after Aztec Labs shifted its work to the next version of its privacy network. Aztec Labs also said it holds no admin keys or control over the old system.
Aztec Connect previously allowed users to access DeFi through a privacy-focused zk rollup on Ethereum. Deposits were halted when the system was phased out, and users were given time to withdraw funds from the older platform.
Crypto developer Param said the contracts later became “fully immutable,” meaning they could no longer be upgraded or paused. With no operator able to stop activity, the response relied on public warnings, tracing, and checks by remaining affected users.
BlockSec’s Phalcon team said the attack targeted Aztec Connect’s RollupProcessorV3 contract on Ethereum. The firm reported losses exceeding $2.15 million after suspicious activity hit the contract.
BlockSec said the exploit stemmed from a mismatch between how transactions were verified and how they were settled on Ethereum. In effect, the proof system and the settlement logic did not interpret the transaction list in the same way, allowing the attacker to create balances not backed by valid value on Ethereum and then withdraw those balances.
BlockSec said the same pattern was repeated seven times across several assets.
CertiK data shared on X listed the stolen assets as including 909 ETH, around 270,000 DAI, 167 wrapped staked ETH, and smaller amounts of other tokens. Param also said the attacker funded the wallet through Tornado Cash before the exploit.
The Aztec Connect incident adds to a busy month for DeFi security events. DeFiLlama’s hacks tracker shows multiple June losses, led by Humanity Protocol on June 8 and the Syscoin Bridge on June 7.
Humanity Protocol previously said more than $36 million was stolen after attackers compromised administrative keys linked to its bridge infrastructure across Ethereum and BNB Smart Chain.
Crypto.news reported that May’s hack losses fell to $68.3 million, down nearly 90% from April. CertiK said code flaws accounted for about $45 million of May’s losses, making them the largest attack path for that month.
The Aztec case highlights how discontinued DeFi systems can remain part of the security landscape. Even after a product is abandoned, funds left in immutable contracts can still be targeted years later.