A legacy Aztec Connect smart contract has been exploited for roughly $2.19 million, according to a post-mortem published by blockchain security firm SlowMist.
The incident is a useful reminder that deprecated DeFi infrastructure does not simply disappear when a protocol moves on. If contracts remain live, immutable, and funded, they can still become targets — even when the main product is no longer active.
TL;DR
- SlowMist says a deprecated Aztec Connect contract was exploited for about $2.19 million.
- The affected assets reportedly included ETH, DAI, and wstETH.
- The issue involved a vulnerability tied to transaction counts and decoded slots.
- The case highlights the ongoing risk of “zombie” smart contracts in DeFi.
SlowMist Details Aztec Connect Exploit
According to SlowMist’s analysis, the exploit affected the legacy RollupProcessorV3 contract connected to Aztec Connect. The protocol had already been deprecated, but the smart contract remained on-chain and could not be paused in the way a more actively managed system might be.
SlowMist said the attacker exploited a boundary gap vulnerability involving the relationship between transaction counts and decoded slots in the decoder. In simple terms, the attacker was able to take advantage of how the contract handled certain encoded transaction data, creating a path to drain assets.
The reported loss came to about $2.19 million across ETH, DAI, and wstETH.
That number is not enormous by DeFi exploit standards, but the structure of the incident is more important than the headline amount. This was not a brand-new protocol failing under heavy use. It was a legacy contract from a deprecated system still carrying risk after the main user-facing product had moved on.
Why Deprecated Contracts Can Still Be Dangerous
DeFi users often think of inactive protocols as old news. Traders move to new apps, liquidity migrates, teams shift focus, and the market forgets. But blockchains do not forget. If a contract is still deployed, still callable, and still holds assets or has access to assets, it can remain part of the attack surface.
That is the problem with so-called zombie contracts. They may no longer be central to a project’s roadmap, but they still exist on-chain. If they are immutable, developers may have limited ability to upgrade, pause, or patch them after a vulnerability is discovered.
This creates a difficult security problem. DeFi is built around transparency and permanence, but that permanence can become a liability when old systems remain exposed.
For users, the lesson is straightforward: funds left in deprecated contracts can carry risks that are easy to overlook. Even if a project is reputable, older infrastructure may not have the same monitoring, liquidity, or emergency response options as an active protocol.
Broader DeFi Security Takeaway
The Aztec Connect exploit fits into a broader pattern across DeFi. Many attacks no longer come from obvious front-end scams. They come from edge cases in contract logic, upgrade assumptions, oracle handling, accounting systems, and forgotten infrastructure.
That makes technical post-mortems like SlowMist’s especially valuable. They do more than explain one loss. They show how small assumptions in smart contract design can become serious vulnerabilities once an attacker finds the right path.
For developers, the case reinforces the need for shutdown planning. Deprecating a protocol should include clear user migration, liquidity withdrawal guidance, monitoring of remaining contracts, and public communication around residual risk.
For users, it is another reason not to leave funds sitting in old DeFi systems just because they once seemed safe.
The exploit may be tied to a deprecated contract, but the lesson is current: in crypto, inactive infrastructure can still be active risk.