The Aztec network, a privacy-focused Ethereum L2 scaling solution, joined the list of recently exploited DeFi protocols over the weekend when malicious actors hit a vulnerability left behind in its long-abandoned smart contract. The incident drained over $2.19 million from the deprecated Aztec Connect router contract, an investigation into which is underway.
Security firm CertiK first flagged this attack against Aztec on Sunday. Its analysis traced a flaw in the contract’s cryptographic proof verification logic as the entry point for the attacking entity.
Soon after, Aztec Labs acknowledged the incident via a post on their official X handle. It highlighted that the affected Aztec Connect protocol was discontinued three years ago and that it held no admin keys or control over the current system.
“We are investigating a potential exploit affecting Aztec Connect. ~$2.1m was transferred from the immutable smart contract in transaction,” said Aztec Labs.
Aztec Connect served as an Ethereum privacy bridge that allows users to move assets anonymously between the depositing and withdrawing wallets.
Because the Aztec Connect platform was deprecated in 2023, the development team has no remaining authority over its infrastructure. As of now, Aztec has not yet explained why exactly did the deprecated version of its Connect platform hold the funds.
Sharing elaborate details on the fund trasfer history, CertiK issued a “stay vigilant” alert to the DeFi community.
The development comes nearly two months after the Aztec Network team informed its users about a critical vulnerability challenging the network’s fund safety provisions. The team, in March, said they had found a bug in their system which could have lead to the theft of user funds.
“The vulnerability affects the proving system as a whole, and is not mitigated via public re-execution by the committee of validators. Exploitation can lead to severe disruption of the protocol and theft of user funds,” Aztec had said at the time. It has been working on a “bug tracker” to track and resolve any bugs infiltrating its network and ecosystems.
Perhaps, the admission of this vulnerability in the Aztec ecosystem caught the attention of cyber criminals.
Source: Aztec Network
More details on how the Aztec Connect was exploited remains awaited for now.
According to DeFiLlama, the Aztec exploit has added to an expensive month for DeFi which has lost over $43.9 million in June alone through smart contract exploits, hacks, and scams. The on-chain tracking firm also shows that the total value hacked in April hit a whopping $634.8 million.
Source: DefiLlama
The exploits of Raydium, Token of Power, and Humanity made it to the headlines in the last few days.
