Attacker drains $2.1M from deprecated Aztec Connect
An attacker exploited a verification bug in the deprecated Aztec Connect smart contract on Sunday and withdrew roughly $2.1 million in cryptocurrency from the platform’s immutable contract.
Blockchain records show the attacker moved 909 Ether (ETH), 270,000 Dai (DAI), 167 wrapped staked ETH (wstETH) and smaller amounts of other tokens. The withdrawal was carried out in seven transactions across seven different assets.
Aztec Labs posted on X that it was “investigating a potential exploit affecting Aztec Connect” and confirmed approximately $2.1 million had been transferred from the platform’s contract. The post noted the incident did not affect the live Aztec Network or its users, and added that the team holds no admin keys and cannot pause or upgrade the deprecated contracts.
Analysis by a crypto security firm found the vulnerability stemmed from a mismatch between how Aztec Connect verified transactions and how those transactions were settled on Ethereum. Verified transactions recorded in the contract were not bound to the transaction set enforced by the zero-knowledge proof, allowing the contract’s verification path and Ethereum settlement logic to interpret the transaction list differently.
The discrepancy let the attacker craft transaction entries that the contract treated as credited value without proper on-chain validation, creating unbacked balances that could be withdrawn. The exploit was repeated seven times across different tokens before the funds were moved out.
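The class of mismatch described above can be shown with a simplified Python model. This is an added example, not Aztec Connect's contract code and not a reconstruction of the actual bug. `Entry`, `Proof`, `settle_mismatched`, `settle_bound` and all sample values are hypothetical, and a SHA-256 commitment stands in for the proof's public inputs.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Entry:          # one settled transaction entry (hypothetical layout)
    account: str
    asset: str
    credit: int

@dataclass(frozen=True)
class Proof:          # stand-in for a verified proof's public inputs
    tx_commitment: str
    tx_count: int

def commit(entries):
    """Length-prefixed hash over the full entry list, so boundaries are unambiguous."""
    h = hashlib.sha256(len(entries).to_bytes(4, "big"))
    for e in entries:
        for field in (e.account.encode(), e.asset.encode(), e.credit.to_bytes(32, "big")):
            h.update(len(field).to_bytes(4, "big") + field)
    return h.hexdigest()

def prove(entries):
    return Proof(commit(entries), len(entries))

def _credit(entries):
    balances = {}
    for e in entries:
        key = (e.account, e.asset)
        balances[key] = balances.get(key, 0) + e.credit
    return balances

def settle_mismatched(proof, submitted):
    # Verification reads only the first tx_count entries...
    if commit(submitted[:proof.tx_count]) != proof.tx_commitment:
        raise ValueError("proof does not match submitted entries")
    # ...but settlement walks the whole list, so trailing entries are never proven.
    return _credit(submitted)

def settle_bound(proof, submitted):
    # Verification and settlement consume exactly the same list.
    if len(submitted) != proof.tx_count or commit(submitted) != proof.tx_commitment:
        raise ValueError("submitted entries are not the proven set")
    return _credit(submitted)

# Constructed sample data: one proven entry, one appended entry the proof never covered.
PROVEN = [Entry("acct-a", "ETH", 5)]
SUBMITTED = PROVEN + [Entry("acct-b", "ETH", 900)]
PROOF = prove(PROVEN)
```

In the mismatched version the appended entry is credited as an unbacked balance; the bound version rejects the batch because the list it settles is not the list the proof committed to.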
Aztec Connect launched in 2022 as a DeFi bridge and was deprecated in March 2023, when deposits were halted and development work shifted to a next-generation Aztec Network. A developer using the handle Param wrote that the smart contracts were “fully immutable” after deprecation and could no longer be upgraded or paused, preventing direct intervention to stop the exploit or patch the code.
Security trackers have recorded about $44 million stolen from at least a dozen exploits so far this month. Investigators and security teams are continuing to trace the stolen funds and monitor on-chain activity related to the incident.