Aztec Connect Exploit Drains $2.1M From Deprecated Platform

By Aishwarya shashikumar | Edited By Messam Raza,June 15, 2026, 1:30 PM

The dangers of old decentralized finance platforms came back into focus this week. Aztec Connect, a discontinued DeFi bridge, lost around $2.1 million after an attacker exploited a weakness in its verification process.

Aztec Labs confirmed that it was investigating the incident after funds were transferred from the platform’s smart contract. The team stressed that the exploit did not affect users or assets on the current Aztec Network. The attack targeted Aztec Connect, which was retired in March 2023 when the company shifted its attention to a newer version of the network.

The stolen funds included 909 Ether, 270,000 DAI, 167 wrapped staked Ether, and several other digital assets. Even though the platform was no longer active, its immutable smart contract still held more than $2 million worth of crypto.

Also Read: Raydium Exploit Refund Promised After $1.3M Solana Pool Loss

Aztec Connect Verification Flaw Opened the Door

According to blockchain security firm BlockSec, the attacker took advantage of a mismatch between transaction verification and settlement on Ethereum.

The flaw allowed verified transactions to be interpreted differently from the transaction set enforced by the platform’s zero-knowledge proof system. As a result, the attacker could create balances that were not properly backed by assets on Ethereum.

How $2.1M got drained from Aztec Connect:

– Aztec Connect was a privacy based zkRollup on Ethereum

– Aztec Labs shut it down in 2023 to focus on newer tech

– Users were given over a year to withdraw their funds

– In 2024, Aztec gave up control of the system and removed admin… pic.twitter.com/O0WiYOI4nY

— Param (@Param_eth) June 14, 2026

Once those balances appeared valid within the system, they could be withdrawn. BlockSec reported that the attacker repeated the process seven times across seven different assets, eventually draining the contract.

Aztec Connect Incident Highlights DeFi Risks

The exploit adds to a growing list of crypto security incidents this month. Data from DeFiLlama shows that at least $44 million has been stolen through various exploits in June alone.

Aztec Connect’s case is particularly notable because the platform had already been shut down. Since its contracts were fully immutable, Aztec Labs had no ability to pause, upgrade, or intervene once the vulnerability was exploited.

Developers say the attack serves as a warning for the wider DeFi sector. Even abandoned protocols can remain attractive targets if valuable assets are still locked inside smart contracts. As long as funds remain on-chain, attackers will continue searching for weaknesses, regardless of how old the platform may be.

Also Read: Aztec Launches Ignition Chain on Ethereum, Boosting Privacy-Driven DeFi