Aztec Connect Exploit Drains $2.1M From Deprecated Bridge

Aztec Labs Says Current Network and Token Contracts Were Not Affected

TL;DR

• Aztec Connect was exploited after being deprecated, with funds drained from old smart contracts.
• CertiK and BlockSec pointed to flaws involving proof validation and Ethereum settlement logic.
• Aztec Labs said it had no admin keys and could not pause or upgrade the system.

Trade smarter on Jupiter, Solana’s leading DEX built for fast execution and deep liquidity. 

Swap tokens at competitive rates, route across multiple liquidity sources automatically, and access perpetuals, DCA, and advanced trading tools — all in one place!

Aztec Connect, a deprecated DeFi privacy bridge, was exploited on June 14, 2026, with an attacker draining more than $2.1 million from old smart contracts after security firms identified flaws tied to proof verification and settlement logic. Aztec Labs said the incident affected Aztec Connect, not the current Aztec network, and said assets on the current network were not impacted.

Aztec Connect launched in 2022 as a zk-rollup bridge on Ethereum that allowed users to interact privately with DeFi protocols such as Aave and Lido while shielding transaction details through zero-knowledge proofs. The product was deprecated in March 2023, when deposits were halted and the team began winding down the bridge after shifting resources toward the next-generation Aztec Network.

Aztec Labs stopped running the Aztec Connect sequencer by March 2024, further separating the retired bridge infrastructure from the current Aztec network. The exploited contracts were described as immutable, meaning they could not be upgraded, paused or patched after the vulnerability surfaced.

Aztec Labs said it was “investigating a potential exploit affecting Aztec Connect” and said roughly $2.1 million had been transferred from the platform’s smart contract. The company added: “Aztec Labs holds no admin keys or control over the system; it cannot be paused or upgraded by us.”

Security Firms Point to Proof and Settlement Flaws

CertiK flagged the suspicious transaction on X and linked the exploit to a suspected flaw in Aztec Connect’s proof verification logic. CertiK said the exploit appeared to stem from incomplete validation of submitted proof data, where one contract function verified only the beginning of the proof while token transfer instructions embedded elsewhere in the data may not have been properly checked.

CertiK Alert posted: “We have detected a suspicious transaction that drained @aztecnetwork Router contract of ~$2.19M by 0x0f18d8b44a740272f0be4d08338d2b165b7edd17 on Ethereum. Stay Vigilant!” CertiK’s analysis said the flaw allowed the attacker to manipulate withdrawals and drain funds from the Aztec Connect router contract.

BlockSec said the attacker exploited a mismatch in how Aztec Connect verified transactions and settled them on Ethereum. BlockSec said verified transactions on Aztec Connect’s contract were “not effectively bound to the transaction set enforced by the ZK proof,” allowing the contract’s verification path and Ethereum settlement logic “to interpret the transaction list differently.”

BlockSec’s analysis said the attacker could place transactions where the contract credited value without validating it on Ethereum, creating unbacked balances that could then be withdrawn. The attacker reportedly repeated the maneuver seven times across seven different assets.

BlockSec Phalcon’s analysis described the root issue as a mismatch around the boundary between the verified transaction set and Layer 1 settlement processing. CertiK framed the technical issue as incomplete proof-data validation, while BlockSec framed it as a settlement-verification mismatch.

We’ve launched the all-new COIN360 Perp DEX, built for traders who move fast!

Trade 130+ assets with up to 100× leverage, enjoy instant order placement and low-slippage swaps, and earn USDC passive yield while climbing the leaderboard. Your trades deserve more than speed — they deserve mastery.