Back to Blog
Web3 / Smart Contract Security

Aztec Connect: $2.1M Stolen From a Bridge With No One Left to Fix It

A proof-verification flaw let an attacker drain a DeFi privacy bridge that Aztec Labs deprecated three years ago and can no longer patch, pause, or upgrade — a case study in what "immutable" really costs.

PyramidLedger Research4 min read
Share

Key Takeaways

  • An attacker drained roughly $2.1 million from Aztec Connect, a privacy-focused DeFi bridge that Aztec Labs deprecated in March 2023.
  • The bug was a proof-verification mismatch: the transaction count checked in a verified rollup proof (`numRealTxs`) could differ from the count actually applied to the Layer-1 state (`_numTxs`), letting the attacker credit value that was never properly backed on-chain.
  • Because Aztec Labs renounced admin keys when it deprecated the bridge, the contract could not be paused, upgraded, or patched — the flaw sat live and unfixable for years.
  • The exploit fits a pattern: Raydium and DxSale have both suffered recent losses from legacy contracts that teams can no longer touch.

Aztec Connect, the zero-knowledge privacy bridge built by Aztec Labs, was shut down in March 2023. On 14 June 2026, an attacker walked away with roughly $2.1 million in ETH, DAI, and wrapped staked ETH from the same contract — three years after the team stopped maintaining it and gave up the keys.

What actually happened

According to Halborn's technical writeup and reporting from Cointelegraph, the root cause was a mismatch between two values the bridge used to reconcile rollup proofs with Layer-1 state: the number of transactions a zero-knowledge proof claimed to verify (numRealTxs) and the number of transactions actually applied when the contract updated its state (_numTxs). Those two counts were not guaranteed to match. The contract's proof check only validated part of the submitted proof data, leaving room for transfer instructions elsewhere in the payload to slip through without full verification.

That gap let the attacker submit transactions that credited value inside the bridge without the on-chain backing a correct implementation would have required — in effect, minting withdrawable balance the system never actually received. Yahoo Finance/Cointelegraph reporting indicates the attacker pulled out 909 ETH, 270,000 DAI, 167 wrapped staked ETH, and other assets across seven transactions.

Why nobody could stop it

This is the part that should concern every team running a decentralized protocol, not just Aztec's. When Aztec Labs deprecated Connect in 2023, it deliberately renounced admin control — no multisig, no upgrade path, no pause switch. That's a legitimate decentralization commitment: users don't have to trust a team that could rug them later. But it also means that once a bug is found, there is no one who can stop the bleeding. Aztec Labs confirmed as much on social media, stating it "holds no admin keys or control over the system; it cannot be paused or upgraded." The company was explicit that the incident does not touch the current Aztec network or its token.

Part of a pattern, not a one-off

Web3 Is Going Great, which first flagged the incident, notes that Aztec Connect is only the latest in a run of attacks against dormant smart contracts — Raydium and DxSale have both taken losses from legacy code that could not be deleted, paused, or changed. Blockchain immutability, the same property that makes DeFi credibly neutral, also means an unpatched contract can sit as a live liability indefinitely, waiting for someone to notice the bug before an attacker does.

What this means for teams shipping on-chain

  • Decommissioning is a security decision, not a formality. Renouncing admin keys is often the right long-term move for user trust, but it should follow — not precede — a final, thorough audit focused specifically on edge cases in proof/state reconciliation logic.
  • Deprecated does not mean dead. If a contract still holds user funds, it is still in your threat model. "We stopped maintaining it" is not a mitigation an attacker respects.
  • Proof-verification boundaries need adversarial testing. Mismatches between what a proof attests to and what state changes it actually authorizes are a recurring class of bug in rollup and ZK-bridge designs, not unique to Aztec.

FAQ

Frequently Asked Questions

Is the current Aztec network affected by this exploit?

No. Aztec Labs and reporting on the incident state the exploit was isolated to the deprecated Aztec Connect bridge contract and does not affect the current Aztec network or the AZTEC token.

Why couldn't Aztec Labs just patch the vulnerable contract?

Aztec Labs renounced its admin keys when it deprecated Aztec Connect in March 2023, so the contract has no owner, pause function, or upgrade mechanism — it is immutable, and the bug could not be fixed once it was found.

What was the technical root cause of the exploit?

Reporting describes a mismatch between the transaction count verified in a zero-knowledge rollup proof (numRealTxs) and the count actually applied to Layer-1 state (_numTxs), combined with incomplete validation of the full proof payload — together allowing the attacker to credit value inside the bridge that wasn't properly backed on-chain.

Sources

  1. 1Aztec Connect Exploited For $2.1 MillionWeb3 Is Going Great
  2. 2Aztec Connect Exploited For $2.1 MillionCointelegraph
  3. 3Explained: The Aztec Connect Hack (June 2026)Halborn
  4. 4Attacker Drains $2.1 Million From Aztec Connect 3 Years After Its ShutdownYahoo Finance
Share

Read next