Aztec Connect, a deprecated privacy-focused DeFi platform, was exploited on Sunday for approximately $2.1 million. Aztec Labs confirmed the incident, noting that current network users and assets were unaffected.
Security firm BlockSec reported the attacker exploited a critical mismatch between the platform's transaction verification and its Ethereum settlement logic. The exploit allowed the attacker to credit unbacked balances and withdraw funds across seven transactions.
Total stolen assets included 909 Ether (ETH), 270,000 Dai (DAI), and 167 wrapped staked ETH, among other tokens. The exploit is part of a larger wave of attacks exceeding $44 million in losses this month.
Aztec Connect was retired in March 2023 as the team shifted focus to the next-generation Aztec Network. The smart contracts were rendered fully immutable, leaving no administrative controls to pause or upgrade the system. The incident underscores the lasting risks posed by abandoned decentralized finance infrastructure.