Aztec Connect’s abandoned smart contract exploited for $2.1M
Aztec Connect, a deprecated DeFi bridge on Ethereum, was drained of about $2.1 million after an attacker exploited a mismatch between its transaction verification logic and its settlement logic. Because of the flaw, a transaction that passed verification could be interpreted one way by the verification path and another way by Ethereum settlement, which let the attacker create unbacked balances and withdraw funds. The theft occurred across seven transactions and involved assets including 909 ETH, 270,000 DAI, and 167 wstETH. Aztec Labs said the incident affected only the old Aztec Connect contract, not users or assets on the current Aztec Network. The exploit adds to a month of heavy crypto losses, with about $44 million stolen across multiple attacks. Aztec Connect was deprecated in March 2023 and its contracts are now immutable, highlighting that abandoned DeFi systems can remain vulnerable long after shutdown.
