Crypto news

18.06.2026
11:06

Second strike on Aztec Connect: hackers withdraw another $2.2 million from the abandoned protocol

The abandoned confidential protocol Aztec Connect continues to attract the attention of attackers. On June 18, I recorded a new attack on its smart contracts, resulting in the theft of approximately $2.2 million in cryptocurrency. This is the second incident in a week, following the hack on June 14, indicating a systemic vulnerability that hackers are actively exploiting.

How the repeat theft occurred

This time, the attacker withdrew 1158 ETH, 150,000 DAI, and approximately 0.47 renBTC tokens. The attack method largely mirrors the previous one: the hacker again exploited a vulnerability in the escapeHatch function. This mechanism was designed as a backup exit for users, allowing them to withdraw funds directly in case of a primary system failure. However, the critical flaw was the lack of access control verification — the door was open to anyone.

The essence of the exploit is simple: the system was supposed to verify that the user actually owned the assets they were trying to withdraw. Due to a code defect, the hacker was able to present a fake "proof" of ownership, and the contract, without proper verification, handed over other people's funds. Notably, the developers had long removed the vulnerable mechanism from the main code, but the contract deployed on the network still contained the old verification module. In essence, the loophole had been waiting for years in code that everyone considered inactive.

Why stopping the attack was impossible

The root of the problem lies in the status of Aztec Connect. It is a long-abandoned product that was decommissioned back in 2023 when the Aztec Labs team shifted to a new network. After the shutdown, the developers relinquished the management keys, and the contracts became immutable. This means the code is forever frozen on the network: it cannot be updated, fixed, or paused. The team simply has no technical ability to intervene and stop the theft.

It is important to emphasize that this incident does not affect the AZTEC token or the current Aztec network — it is a completely separate system. Nevertheless, the case once again demonstrates the hidden danger of DeFi: even abandoned smart contracts remain targets as long as they hold funds. According to DeFiLlama, in June 2026 alone, approximately $44 million was stolen as a result of at least 12 attacks.

Expert opinion: This incident is a stark example of how "forgotten" protocols become time bombs for the ecosystem. Users should critically assess the risks when interacting with any smart contracts, especially if the project has officially ceased support. The inability to update code is not protection but a fatal vulnerability if assets remain in the contract.