The Aztec Network has faced a significant security setback as two of its deprecated legacy systems were targeted in a coordinated series of attacks. Over the span of just three days, malicious actors successfully drained more than $4 million in digital assets from retired smart contracts that had remained active on the Ethereum blockchain despite being officially sunset years ago.

The first breach occurred on June 14, targeting the Aztec Connect protocol. Despite the platform having been shut down, residual liquidity remained within the immutable contract. Attackers exploited vulnerabilities in the system’s zero-knowledge proof verification logic, allowing them to bypass security checks and withdraw approximately $2.1 million in assets, including ETH, DAI, and wstETH. Because the contract was designed to be immutable, it could not be paused or patched to prevent the unauthorized activity.

Just three days later, a second exploit struck the Private Rollup Bridge, another piece of legacy infrastructure. In this instance, attackers utilized a crafted zero-knowledge proof to trigger the contract’s ‘escape hatch’ mechanism, resulting in the theft of roughly $2.15 million in ETH. Similar to the first incident, the vulnerability stemmed from a failure in the system’s ability to correctly validate state transitions against the submitted proofs.

Representatives from the Aztec Foundation have clarified that these incidents are entirely isolated to deprecated products and have no impact on the current Aztec network or the AZTEC token ecosystem. The foundation emphasized that because these legacy contracts were deployed as immutable, they lacked the functionality for emergency intervention or upgrades, leaving them permanently exposed to sophisticated technical exploits.

Key Takeaways

• Two legacy Aztec Network contracts were exploited for a combined total of over $4 million in assets.
• The attacks targeted deprecated, immutable smart contracts that remained on-chain despite being officially retired.
• The current Aztec network and the AZTEC token remain unaffected by these security breaches.

Editor’s Analysis & Impact

These incidents serve as a stark reminder of the ‘zombie contract’ risk within the decentralized finance (DeFi) ecosystem. As protocols evolve and transition to newer architectures, the legacy code often remains on the blockchain, creating a persistent attack surface. The fact that these contracts were immutable—a feature often touted as a security benefit—became a liability, as it rendered the developers powerless to intervene once a vulnerability was discovered. This event highlights a critical need for better decommissioning standards in blockchain development, such as implementing ‘kill switches’ or migration paths that allow for the total withdrawal of liquidity before a contract is abandoned. For the broader industry, this underscores that zero-knowledge proof implementations are highly complex, and even retired systems require ongoing security monitoring if they continue to hold significant on-chain value.

Frequently Asked Questions

Q: Are current Aztec Network users at risk from these hacks?
A: No. The exploits were limited to deprecated, legacy infrastructure that is no longer part of the active Aztec ecosystem. The current network and the AZTEC token remain secure.

Q: Why couldn't the Aztec team stop the attacks?
A: The affected contracts were designed to be immutable, meaning they were hard-coded to be permanent and could not be paused, patched, or modified by the developers once they were deployed.