Deprecated Aztec Connect Contract Exploited, $2.1M in Crypto Withdrawn

Aztec Connect, a retired DeFi product associated with Aztec Network, has been hit by an apparent smart-contract exploit that led to roughly $2.1 million in crypto being drained. Aztec Labs said on X it is investigating the incident and that about $2.1 million was transferred out of Aztec Connect's smart contract, adding that the event did not affect users or assets on the current Aztec Network.

BlockSec attributed the loss to a flaw in Aztec Connect's transaction verification and settlement flow. The firm said transactions that passed Aztec Connect's verification path were not effectively bound to the transaction set enforced by the ZK proof, creating a mismatch in how the contract interpreted the transaction list on Ethereum. BlockSec said the inconsistency allowed the attacker to create unbacked balances and withdraw them. The attacker allegedly ran the method seven times across seven assets, amassing 909 ETH and 270,000 DAI, along with 167 wrapped staked ETH and other tokens. Separate reporting also referenced a CertiK post showing examples of some of the assets taken.

Aztec Connect was deprecated in March 2023, when deposits were halted and the team shifted focus to the next-generation Aztec Network. Aztec Labs said it has no admin keys and cannot pause or upgrade Aztec Connect; a developer identified as "Param" said the contracts became fully immutable. The case underscores a recurring risk in DeFi: deprecated or "abandoned" contracts can remain attractive targets long after shutdown, especially when issues stem from core contract logic.

The incident arrives during an active period for DeFi attacks. DeFiLlama data cited in the report shows $44 million has been stolen so far this month across at least 12 exploits. The largest theft referenced was a Humanity Protocol private-key compromise that reportedly led to $30 million in losses on June 8.
The report also pointed to a Syscoin Bridge incident the prior day, where $8 million was allegedly stolen using a fake-proof exploit. Investigators will likely track whether the funds were routed through liquidity venues or remain traceable on-chain. For users, the practical takeaway is that deprecated, immutable contracts can still carry risk even after deposits are shut off.
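The verification/settlement mismatch in the BlockSec account, where a proof is checked but the transaction list the contract then acts on is not tied to what the proof covers, is a general rollup design hazard. The toy below is an added illustration of that class of flaw and its fix, not Aztec Connect's code; the hash-based "proof", the prover secret and the sample transaction lists are all constructed stand-ins.

```python
import hashlib
import json
from dataclasses import dataclass

# Stand-in for ZK soundness in this toy: only the prover can produce a valid
# proof, and a valid proof attests to exactly one transaction-list commitment.
PROVER_SECRET = b"constructed-demo-secret"

def commit(txs):
    """Commitment to the ordered tx list; plays the proof's public input."""
    return hashlib.sha256(json.dumps(txs, sort_keys=True).encode()).hexdigest()

@dataclass
class Proof:
    commitment: str  # public input the circuit constrains
    tag: str         # simulated proof body over that public input

def prove(txs):
    c = commit(txs)
    return Proof(c, hashlib.sha256(PROVER_SECRET + c.encode()).hexdigest())

def verify_proof(proof):
    expected = hashlib.sha256(PROVER_SECRET + proof.commitment.encode()).hexdigest()
    return proof.tag == expected

def apply_txs(balances, txs):
    for tx in txs:
        balances[tx["to"]] = balances.get(tx["to"], 0) + tx["amount"]
    return balances

def settle_unbound(balances, proof, submitted_txs):
    """Weak pattern: the proof is verified, but the list the contract then
    applies comes from calldata and is never tied to the proven commitment."""
    if not verify_proof(proof):
        raise ValueError("invalid proof")
    return apply_txs(balances, submitted_txs)

def settle_bound(balances, proof, submitted_txs):
    """Hardened pattern: recompute the commitment over the list actually being
    applied and require it to equal the proof's public input before settling."""
    if not verify_proof(proof):
        raise ValueError("invalid proof")
    if commit(submitted_txs) != proof.commitment:
        raise ValueError("submitted transaction list is not bound to the proof")
    return apply_txs(balances, submitted_txs)

# Constructed sample data: the list that was proved, and a different list.
PROVEN_TXS = [{"to": "alice", "amount": 5}]
UNPROVEN_TXS = [{"to": "mallory", "amount": 1000}]
```

With a valid proof over `PROVEN_TXS`, `settle_unbound` credits whatever list it is handed, so an unproven list creates an unbacked balance, while `settle_bound` rejects any list whose commitment differs from the proof's public input.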