Crypto news

On June 14, over $2.1 million was stolen from the Aztec Connect platform. The attacker exploited a critical vulnerability in the proof verification mechanism of the smart contract. This incident is a stark example of how "dormant" vulnerabilities in long-unused protocols can be activated years later.

Blockchain security specialists identified a suspicious transaction and promptly flagged it on the network. Analysis showed that the smart contract function only verified the beginning of the proof, leaving the token transfer instructions embedded in another part of the data without proper oversight. This flaw allowed the attacker to manipulate the withdrawal mechanism and steal approximately $2.19 million.

Dead Protocol — Living Threat

The Aztec Foundation confirmed receiving a notification about a potential exploit of Aztec Connect. The team emphasized that the incident does not affect the AZTEC token (ERC-20 standard) or the smart contracts of the current Aztec network. Furthermore, developers stated that Aztec Connect ceased operations three years ago, and Aztec Labs no longer manages this protocol. They do not have administrative keys and cannot stop or update the system.

"Aztec Labs does not have admin keys and does not gain control over the system. We cannot pause or update it," the developers stated.

This hack occurred just days after the exploit on Raydium (RAY), where hackers withdrew approximately $1.3 million from five outdated liquidity pools on the Solana (SOL) network. The latest attack is another in a series of hacks this month. According to DeFiLlama data, total losses since the beginning of June have already reached $43.93 million.

Expert opinion: This case is a harsh reminder that "dead" protocols carry real risks. As long as smart contracts remain on the blockchain, they are potential targets. Investors and developers should seriously consider procedures for "burying" such contracts to eliminate the possibility of their exploitation in the future.