Overview
- The attacker drained roughly $2.1–$2.19 million from legacy Aztec Connect contracts on Ethereum on Sunday, moving about 909 ETH, 270,000 DAI and 167 wstETH.
- Security firms CertiK, BlockSec and SlowMist say the exploit abused a verification and settlement mismatch in the RollupProcessorV3 code to create and withdraw unbacked balances.
- On-chain tracing shows the exploit wallet was funded through the Tornado Cash mixer, and the attacker address 0x0F18D8b44a740272f0be4d08338d2b165b7EdD17 is being monitored.
- Aztec Labs confirmed it renounced admin keys after deprecation and therefore cannot pause, upgrade or reverse activity on the old Aztec Connect contracts.
- The incident highlights a wider DeFi risk: deprecated, immutable contracts can retain sizable funds for years, and shutdown plans need active post-deprecation monitoring and recovery options.