A protocol that was officially killed three years ago just lost $4.5 million across three separate attacks in seven days — and nobody can do a single thing about it.
Aztec Connect, the once-promising privacy-focused zk-rollup backed by $100 million in venture capital from a16z and others, has become DeFi’s most expensive ghost. Deprecated in March 2023 and made permanently immutable when Aztec Labs surrendered its admin keys in April 2024, the protocol’s smart contracts sat on Ethereum like an unlocked vault with a neon sign reading “open source.” Three attackers read that sign. All three walked away richer.
The Triple Drain: Seven Days of Carnage
The first blow landed at 12:26 UTC on 14 June. A single atomic transaction — fourteen batched rollup calls — hoovered up 909 ETH, 270,513 DAI, 167.89 wstETH, and a grab-bag of Yearn vault tokens. Total haul: approximately $2.19 million. The attacker had been funded via Tornado Cash just three hours earlier, deployed five contracts in a ten-minute window, and was gone before Aztec Labs even posted a statement.
CertiK flagged the drain 86 minutes after it happened. Aztec Labs took another 74 minutes after that to say anything — and when their statement finally arrived, it was four sentences and a transaction hash. No technical detail. No timeline. No commitment to a postmortem. The team that wrote the code simply noted the contracts were immutable and they held no admin keys.
Eight hours later, a second attacker — different wallet, different setup — returned to the same vulnerability. They swept $88,000 in residual DeFi bridge positions: wrapped Aave tokens, Compound deposits, and TroveBridge positions the first drain had missed. The door had been left open and someone else walked through it.
Then, on 17 June, a third attacker struck an entirely different Aztec contract through a completely separate entry point: the “escape hatch.” Another $2.21 million — 1,158 ETH, 150,000 DAI, and 0.47 renBTC — vanished from the Private Rollup Bridge.
The Irony of the Escape Hatch
The name alone should give you pause. The “escape hatch” was Aztec Connect’s emergency exit — a mechanism designed to let users withdraw funds if the sequencer went offline. It was, quite literally, the last line of defence for depositors in a deprecated system.
SlowMist’s analysis of the third attack revealed that the escapeHatch() function on the RollupProcessor contract lacked any access control whatsoever. No onlyOwner modifier. No verification that the caller actually owned the assets they were withdrawing. The contract accepted forged proofs and handed over real money.
The first two attacks exploited something equally damning: a “settlement boundary bypass.” Aztec Connect’s architecture relied on two systems — a ZK validity proof and an L1 settlement layer — that were supposed to agree on which transactions were real. They didn’t. The proof committed to 32 rows of data; the settlement code only processed however many numRealTxs specified. The attacker set that number to 1 while packing a fraudulent deposit into row 2. The proof stamped it valid. The settlement layer never checked it. The withdrawal came next.
As BlockSec put it: “numRealTxs was not effectively bound to the transaction set enforced by the ZK proof.” The cryptography never failed. The logic between two systems that trusted each other — but never verified each other — did.
$100 Million in VC, Zero Ability to Respond
Aztec Labs raised $100 million in December 2022, led by a16z, to build privacy infrastructure for Ethereum. The Aztec Connect product was a significant part of that vision. When they deprecated it and pivoted to the current Aztec Network, they did everything protocol teams are “supposed” to do: gave users over a year of notice, published reminders, built exit infrastructure, and eventually surrendered the admin keys to make the contracts immutable.
That last step — renouncing control — is considered best practice in DeFi. It prevents rug pulls, admin key compromises, and centralised censorship. It is also, as we have now seen, a one-way ticket to helplessness when things go wrong.
Aztec Labs cannot pause these contracts. They cannot patch the vulnerability. They cannot freeze the stolen funds. They cannot even upgrade the verification logic. The team that wrote the code has, by design, no more power over it than any anonymous attacker with a Tornado Cash deposit and some patience.
Ironically, Aztec Labs had paid out a $450,000 bug bounty in 2023 for a critical flaw in the same codebase — a fix that was only possible because they still held admin keys at the time. By the time this week’s vulnerabilities were exploited, those keys had been gone for over two years.
DeFi’s Growing Graveyard Problem
Aztec Connect is not alone. In the same month, Raydium lost $1.3 million through deprecated liquidity pools on Solana. According to DeFiLlama, approximately $44 million has been stolen across at least twelve attacks in June 2026 alone, making Q2 2026 the most-hacked quarter in crypto history with roughly 70 exploits.
The pattern is unmistakable: attackers are systematically scanning deprecated protocols for funds that users never withdrew and teams can no longer protect. These “zombie contracts” — dead to their creators but very much alive on-chain — represent a growing class of risk that DeFi has no good answer for.
Who Owns a Protocol After It Dies?
This is the question Aztec Connect forces the industry to confront. The team did not rug-pull. They did not abandon users without warning. They sunset the product responsibly, by every standard the industry has established. And yet the outcome — $4.5 million in user funds stolen from contracts nobody can fix — is indistinguishable from negligence.
The uncomfortable truth is that “immutable” and “safe” were never synonyms. Immutability means a contract cannot be changed. It does not mean a contract has no bugs. When a team renounces admin keys over a contract that still holds millions in user funds, they are making a bet that their code is perfect. History — and this week specifically — suggests that bet is rarely wise.
Blockful’s warning after the first attack resonated across crypto Twitter: “Old contracts continue to be targets for hackers. When protocols wash their hands of maintenance, they become even more attractive targets.”
Meanwhile, Aztec Labs quietly disclosed in March 2026 that their current live Aztec Network also contains a critical vulnerability — unrelated to this exploit — with a fix planned for the v5 release in July. The actual bug and patch will not be publicly disclosed until then.
A deprecated contract losing $4.5 million across three consecutive attacks, and a live network carrying an undisclosed critical bug. The architecture makes intervention impossible on the first, and apparently not urgent enough on the second.
DeFi’s zombie graveyard is filling up fast. The question is no longer whether more deprecated protocols will be drained — it’s how much money is still sitting in contracts that nobody is watching, nobody can fix, and everybody can read. This story is still developing.
