Aztec Connect exploited for $2.1M after deprecated contract targeted

Key facts

• An attacker exploited Aztec Connect.
• The exploit targeted a verification function in a smart contract.
• Approximately $2.1 million in cryptocurrencies was stolen.
• The exploited smart contract was deprecated.
• The contract had been deprecated since March 2023.
• The smart contract was immutable.
• The incident highlights risks of abandoned DeFi protocols.

An attacker successfully exploited a vulnerability in Aztec Connect's smart contract, resulting in the theft of approximately $2.1 million in various cryptocurrencies. The exploit targeted a verification function within the contract, which was immutable. The contract had been deprecated since March 2023, meaning it was no longer actively maintained or updated. This incident serves as a stark reminder of the significant security risks associated with abandoned or outdated decentralized finance (DeFi) protocols. The attacker was able to drain the funds due to the contract's immutable nature and the presence of a exploitable verification function that was no longer monitored or secured. The value of the stolen assets was reported to be around $2.1 million.