Breaking
RUСильные взрывы снова прозвучали в КиевеVNHaaland lập cú đúp, Na Uy loại Brazil ở World Cup 2026CN超級颱風巴威襲擊美屬羅塔島,關島進入戒備狀態CN超級颱風巴威襲擊美屬羅塔島前夕,關島與北馬里亞納群島遭遇強風豪雨AUCannibalism part of investigation into death of 4-year-old boy on NSW Central CoastDESPD fordert Merz auf, Demokratiedefizite in der Türkei anzusprechenARHaaland leads Norway to the quarter-finals, Mbappe and Vargas shineARفرق رياضية تستعد للموسم الجديد بمعسكرات خارجية ومباريات وديةRUПредставлена модель российского высокоскоростного поезда в серийной окраскеRUЗамглавы МИД РФ назвал условие переговоров Москвы с ЕСRUСильные взрывы снова прозвучали в КиевеVNHaaland lập cú đúp, Na Uy loại Brazil ở World Cup 2026CN超級颱風巴威襲擊美屬羅塔島,關島進入戒備狀態CN超級颱風巴威襲擊美屬羅塔島前夕,關島與北馬里亞納群島遭遇強風豪雨AUCannibalism part of investigation into death of 4-year-old boy on NSW Central CoastDESPD fordert Merz auf, Demokratiedefizite in der Türkei anzusprechenARHaaland leads Norway to the quarter-finals, Mbappe and Vargas shineARفرق رياضية تستعد للموسم الجديد بمعسكرات خارجية ومباريات وديةRUПредставлена модель российского высокоскоростного поезда в серийной окраскеRUЗамглавы МИД РФ назвал условие переговоров Москвы с ЕС
Newsgather
BackAztec Connect Suffers $2.1 Million Crypto Exploit Due to Verification Flaw
Aztec Connect Suffers $2.1 Million Crypto Exploit Due to Verification Flaw
Developing
Cointelegraph6/15/2026Tech2 min read

Aztec Connect Suffers $2.1 Million Crypto Exploit Due to Verification Flaw

Quick Look

  • Aztec Connect, a deprecated DeFi platform, lost approximately $2.1 million in crypto on Sunday after an attacker exploited its transaction verification function.
  • Aztec Labs confirmed the incident, stating it did not affect the current Aztec network users or assets.
  • The exploit highlights the risks associated with abandoned DeFi contracts.

AI-generated summary

Why It Matters

Aztec Connect was a deprecated DeFi bridge launched in 2022, part of the Aztec Network, a privacy-focused layer-2 ZK rollup on Ethereum. It was deprecated in March 2023.

Font size

Aztec Connect, a deprecated decentralized finance platform, was drained of around $2.1 million in crypto on Sunday after an attacker exploited its verification function.

Aztec Labs posted to X on Sunday that it was “investigating a potential exploit affecting Aztec Connect,” adding that around $2.1 million was transferred from the platform’s smart contract, which did not affect users or assets on the current Aztec network.

The exploit is the latest in the $44 million worth of crypto that has been stolen so far this month from at least 12 other exploits, according to DeFiLlama.

A private key compromise on the Humanity Protocol has been the largest so far in June, with $30 million lost on June 8, followed by the Syscoin Bridge, which saw $8 million swiped in a fake proof exploit the previous day.

Crypto security firm BlockSec said that an attacker exploited a mismatch in how the platform verified transactions and settled them on Ethereum.

It said that verified transactions on Aztec Connect’s contract were “not effectively bound to the transaction set enforced by the ZK proof,” allowing its verification path and settlement logic on Ethereum “to interpret the transaction list differently.”

The attacker could then place transactions where the contract credited value without validating it on Ethereum, which created unbacked balances that could then be withdrawn. The attacker did this seven times across seven different assets.

The attacker made off with 909 Ether (ETH), 270,000 Dai (DAI), 167 of wrapped staked ETH and a handful of other cryptocurrencies.

Some of the assets stolen in the exploit. Source: CertiK

Aztec Network is a privacy-focused layer-2 zero-knowledge (ZK) rollup on Ethereum. Aztec Connect was the previous version of the platform that launched in 2022 as a DeFi bridge.

Related: Crypto exploit losses in May fall 90% over month to $68M: CertiK

Aztec Connect was deprecated in March 2023, with deposits halted and the team shifting resources to the next-generation Aztec Network.

“Aztec Labs holds no admin keys or control over the system; it cannot be paused or upgraded by us,” the team said.

Crypto developer “Param” said Aztec Connect’s smart contracts became “fully immutable” and could no longer be upgraded or paused.

“The incident is another reminder that abandoned DeFi contracts can still become targets years later,” they said.

Open Questions

  • Will further exploits occur on other deprecated DeFi platforms?
  • What specific measures will be taken to prevent similar future exploits?

Related Topics

This article was originally published by Cointelegraph.

Related Stories

More on this topicAztec Connect