Hackers have once again drained the abandoned Aztec Connect: another $2.2 million has vanished
The Aztec Connect protocol, long considered "dead," continues to incur losses. On June 18, attackers struck its smart contracts for a second time, siphoning off approximately another $2.2 million. This occurred just four days after the first attack on June 14, making the situation particularly telling for the entire DeFi industry.
This time, the hacker stole 1158 ETH, 150,000 DAI, and roughly 0.47 renBTC. The attack method was identical to the previous one, but the attacker targeted a different liquidity pool, using a different entry point.
The Achilles' Heel of the "Emergency Hatch"
The vulnerability lay in the escapeHatch function — a mechanism theoretically designed to allow users to urgently withdraw funds if the main system fails. The problem is that this function completely lacked access control checks. Essentially, the door was wide open for anyone who knew how to knock.
Roughly speaking, the system was supposed to verify that the user actually owned the assets they were trying to withdraw. But due to a coding error, this procedure could be bypassed. The hacker simply presented a fake "proof" of ownership, and the contract, without blinking, handed over other people's cryptocurrencies.
Most alarming: developers had long since removed this vulnerable module from the main code. However, the contract already deployed on the network still contained the old, "leaky" version of the verification module. The vulnerability lay dormant for years in code that everyone considered inactive.
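To make the missing check concrete, here is a simplified model added for this article; it is not Aztec Connect's code. It assumes a Merkle-inclusion proof as a stand-in for the protocol's real proof system, which is not described here, and the `caller` argument, the function names and the sample balances are all constructed for illustration. Each function returns True when a withdrawal would be authorized.

```python
import hashlib

def h(*parts: bytes) -> bytes:
    # Length-prefix each part so distinct inputs cannot collide by concatenation.
    return hashlib.sha256(b"".join(len(p).to_bytes(4, "big") + p for p in parts)).digest()

def leaf(owner: str, asset: str, amount: int) -> bytes:
    return h(b"leaf", owner.encode(), asset.encode(), str(amount).encode())

def build_tree(leaves):
    """Return (root, per-leaf proofs) for a power-of-two number of leaves."""
    proofs = [[] for _ in leaves]
    level, groups = list(leaves), [[i] for i in range(len(leaves))]
    while len(level) > 1:
        nxt, nxt_groups = [], []
        for i in range(0, len(level), 2):
            for j in groups[i]:
                proofs[j].append((level[i + 1], False))  # sibling sits on the right
            for j in groups[i + 1]:
                proofs[j].append((level[i], True))       # sibling sits on the left
            nxt.append(h(b"node", level[i], level[i + 1]))
            nxt_groups.append(groups[i] + groups[i + 1])
        level, groups = nxt, nxt_groups
    return level[0], proofs

def verify(root, node, proof):
    for sibling, sibling_is_left in proof:
        node = h(b"node", sibling, node) if sibling_is_left else h(b"node", node, sibling)
    return node == root

def escape_hatch_vulnerable(root, caller, owner, asset, amount, proof):
    # Models the flaw described above: a "proof" must be supplied, but nothing
    # ties it to the committed state or to the caller.
    return len(proof) > 0

def escape_hatch_hardened(root, caller, owner, asset, amount, proof):
    # Access control: only the owner of the claimed balance may withdraw it.
    if caller != owner:
        return False
    # Ownership: the exact (owner, asset, amount) leaf must be under the committed root.
    return verify(root, leaf(owner, asset, amount), proof)

# Constructed sample state: four balances committed under one root.
BALANCES = [("alice", "ETH", 10), ("bob", "DAI", 500), ("carol", "ETH", 3), ("dave", "DAI", 40)]
ROOT, PROOFS = build_tree([leaf(*b) for b in BALANCES])
FAKE_PROOF = [(b"\x00" * 32, False)]  # arbitrary bytes standing in for a forged proof
```

The hardened variant rejects a forged proof, a genuine proof replayed by a different caller, and a genuine proof paired with an inflated amount, because all three fail either the caller check or the recomputation of the root.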
Why Stopping the Theft Was Impossible
The root of the problem is that Aztec Connect is a long-abandoned product. The protocol was decommissioned in 2023 when the Aztec Labs team switched to a new network. After the shutdown, developers renounced the admin keys, making the contracts immutable. This means the code is permanently frozen on the network: it cannot be updated, fixed, or paused. The team simply has no technical ability to intervene and stop the theft.
An important point: this incident does not affect the AZTEC token or the active Aztec network — this is a completely separate system. However, this case once again highlights the hidden danger of DeFi: even abandoned smart contracts remain targets as long as money is stored in them. According to DeFiLlama, approximately $44 million was stolen in at least 12 attacks in June 2026 alone.
Analyst's comment: This story is a harsh lesson for all market participants. "Forgotten" contracts with liquidity are a ticking time bomb. Until the community develops standards for "decommissioning" outdated protocols (e.g., mandatory user fund withdrawals before renouncing admin keys), such incidents will recur. Vigilance towards "dead" pools should be as high as it is for new, unaudited projects.