Legacy Aztec Connect Contract Drained Of $2.1 Million Three Years After Shutdown
A deprecated Aztec Connect contract was reportedly exploited for about $2.1 million, or roughly 909 ETH, on June 14. The affected code was the legacy immutable RollupProcessorV3 contract, not Aztec’s current network. Aztec Connect was shut down in March 2023, and because the contract was immutable, Aztec Labs reportedly had no admin keys to pause, upgrade, or recover funds. The incident highlights a broader DeFi risk: old smart contracts can stay live and hold assets long after a project has been deprecated. Those contracts can remain vulnerable even when the front end is gone and the team has moved on. Reports tied the flaw to ZK proof-verification logic, but the main takeaway is simple: “shutdown” does not mean “safe” if funds still sit on-chain. Users should regularly check for balances in sunset or replaced protocols.
