Crypto news

18.06.2026
11:48

The abandoned Aztec Connect protocol has been attacked again: hackers have withdrawn an additional $2.2 million.

Second Strike on a Dead Protocol: On June 18, attackers once again hacked the abandoned Aztec Connect, stealing approximately $2.2 million. This is the second incident in a week — the first attack occurred on June 14. This time, the hacker withdrew 1158 ETH, 150,000 DAI, and approximately 0.47 renBTC tokens. The attack method is similar to the previous one, but targeted a different liquidity pool through an alternative entry point.

How the Second Hack Occurred

The vulnerability was again linked to the escapeHatch function — an "emergency hatch" designed for direct user withdrawals in case of main system failure. The problem is that this mechanism lacked access control checks. Essentially, the door was open to anyone who could forge proof of asset ownership.

The attacker provided a fake "proof" of fund ownership, and the smart contract, lacking built-in verification, simply handed over other people's cryptocurrencies. Critical detail: the developers had long removed the vulnerable mechanism from the main code, but the deployed contract on the network still contained the old verification module. The loophole had been waiting for years in code that everyone considered inactive.

Why Stopping the Attack Was Impossible

The root of the problem lies in Aztec Connect's status. This protocol was a bridge for private DeFi operations on Ethereum, but it was decommissioned back in 2023 when the Aztec Labs team switched to a new network. After closure, developers renounced admin keys, making the contracts immutable. The code is forever frozen on the network: it cannot be updated, fixed, or paused. The team simply has no technical ability to intervene and stop the theft.

It is important to emphasize: the incident does not affect the AZTEC token or the active Aztec network — this is a completely isolated system. This case once again demonstrates the hidden danger of DeFi: even abandoned smart contracts remain targets as long as funds are stored in them. According to DeFiLlama, in June 2026 alone, approximately $44 million was stolen as a result of at least 12 attacks.

Expert opinion: "The Aztec Connect incident is a classic example of 'dead code' that continues to pose risks. DeFi investors and users should learn the lesson: if a protocol is shut down and funds remain in immutable contracts, they are effectively in a high-risk zone. Without upgrade capabilities, such systems become time bombs."