Aztec Connect Investigated After Potential $2.1M Exploit From Deprecated Ethereum Contract
Aztec Connect is under investigation after about $2.1 million worth of assets moved on June 14 from an old Ethereum smart contract tied to Aztec Connect. The affected system is a deprecated privacy product that is separate from the AZTEC ERC20 token and the current Aztec Network.
According to the Aztec Foundation, there is no confirmed link between the deprecated product and any smart contracts related to the AZTEC token or the current Aztec Network infrastructure. The Ethereum transaction was confirmed at 12:26:23 UTC and interacted with the Aztec Connect contract. The transfer included roughly 908.99 ETH and multiple ERC20 assets: 270,513 DAI, 167.89 wstETH, plus yield-token variants (yvDAI, yvWETH) and stablecoin assets (LUSD, yvLUSD). No exploit vector has been confirmed yet.
Aztec Connect was already in sunset mode. Deposits stopped in March 2023, withdrawals were supported until March 31, 2024, and the team renounced permissions and stopped the sequencer. The contract cannot be paused or upgraded now, and Aztec Labs reportedly has no admin keys. Any response therefore depends on investigation, on-chain tracing, user coordination, and potential recovery actions around the destination address.
The incident highlights a key DeFi risk: deprecated contracts can remain reachable via on-chain code paths even after a product is discontinued, limiting emergency controls for teams.
Neutral
This is a single-protocol, deprecated-contract risk event. While Aztec Connect is tied to privacy infrastructure, the article stresses there’s no confirmed link to the AZTEC token or the current Aztec Network, and no confirmed exploit vector yet. That reduces the probability of broad contagion across major tokens.
However, the on-chain movement of ~2.1M and the lack of admin pause/upgrade keys create near-term uncertainty for any holders interacting with legacy Aztec Connect flows. In similar past cases (e.g., incidents where funds moved out of smaller vaults/bridges or reward/distributor contracts), markets often react with short-lived volatility concentrated in affected venues and related privacy/ZK narratives, rather than the whole market.
For traders, the likely impact is limited and timing-sensitive: watch on-chain tracing for the destination address and any follow-on transfers. Longer term, the case may slightly raise perceived risk for “sunset” privacy/rollup components, encouraging more cautious liquidity management and tighter interaction policies—yet without confirmed AZTEC token linkage, systemic downside pressure is less likely.