Crypto news

18.06.2026
10:50

Abandoned Aztec Connect protocol attacked again: hackers withdraw another $2.2 million

The abandoned Aztec Connect privacy transaction protocol has been attacked again. On June 18, an attacker managed to withdraw approximately $2.2 million in cryptocurrency from its smart contracts. This is the second incident in a week — the first attack occurred on June 14, and the damage was also significant.

Details of the Second Hack

This time, the hacker stole 1158 ETH, 150,000 DAI, and approximately 0.47 renBTC tokens. Security analysts from BlockSec Phalcon and SlowMist confirmed that the attack was carried out through a vulnerability in the escapeHatch function. This mechanism was designed to allow users to urgently withdraw their funds if the main system stopped working. However, the developers made a critical mistake: the function did not check access rights. Essentially, the "door" was open to anyone.

The attack mechanism was simple but effective. The hacker provided the smart contract with a fake "proof" of asset ownership, and the contract, unable to verify its authenticity, obediently transferred other people's funds to him. Notably, the vulnerable code itself was removed from the project's main repository back in 2023. However, the contract deployed on the network remained unchanged, and the "backdoor" continued to wait for its moment. This is a classic example of how "dead" code, which everyone thought was inactive, becomes a time bomb.

Why It Was Impossible to Stop the Attack

The root of the problem lies in the status of Aztec Connect itself. This protocol was a bridge for private operations in DeFi on Ethereum, but it was decommissioned last year when the Aztec Labs team switched to developing a new network. After the shutdown, the developers renounced the management keys, making the contracts immutable — meaning their code is forever frozen on the blockchain. It cannot be updated, fixed, or paused. The team simply has no technical ability to intervene and stop the theft.

It is important to emphasize that the incident does not affect either the AZTEC token or the current Aztec network — this is a completely isolated, abandoned system. However, this case once again demonstrates the hidden danger of DeFi: even "dead" smart contracts remain a target as long as funds are stored in them. According to DeFiLlama, in June 2026 alone, approximately $44 million was stolen as a result of at least 12 attacks. The market continues to pay for design mistakes made years ago.

Expert opinion: The attack on Aztec Connect is not just a technical quirk, but a systemic problem in the industry. Projects announcing a "shutdown" should not just renounce keys, but should conduct a full migration of liquidity and destroy outdated contracts. Leaving "abandoned" smart contracts with millions of dollars is like leaving an open safe full of money in the middle of the street. Until the community develops clear standards for "decommissioning," such incidents will continue to occur.