Legacy Aztec Contract Exploited for $2.1 Million, Highlighting DeFi Risks

A legacy Aztec Connect contract was exploited for approximately $2.1 million on June 14, highlighting the risks associated with abandoned or discontinued DeFi contracts.

The affected contract, RollupProcessorV3, is an immutable smart contract that was part of Aztec Connect's deprecated infrastructure, which was shut down in March 2023.

The exploit reportedly targeted a bug in ZK proof-verification logic that failed to bind verified proofs correctly to transaction actions, allowing the attacker to drain approximately 909 ETH from the contract.

Aztec Labs had no admin keys to intervene or recover the funds, emphasizing the limitations of immutable smart contracts.