An old Aztec Connect smart contract has been exploited for around $2.19 million, according to a post-mortem published by blockchain security firm SlowMist.
The incident is a useful reminder that legacy DeFi infrastructure doesn’t simply disappear as a protocol advances. If contracts remain live, immutable, and funded, they can still become targets – even if the main product is no longer active.
TL;DR
- SlowMist says an outdated Aztec Connect contract has been exploited for approximately $2.19 million.
- The affected assets reportedly include ETH, DAI, and wstETH.
- The issue involved a vulnerability related to the number of transactions and decrypted slots.
- The case highlights the persistent risk of “zombie” smart contracts in DeFi.
SlowMist details Aztec Connect exploit
According to SlowMist’s analysis, the exploit affected the old RollupProcessorV3 contract connected to Aztec Connect. The protocol was already outdated, but the smart contract remained on-chain and could not be paused like a more actively managed system might.
SlowMist said the attacker exploited a vulnerability in the decoder relating to the relationship between the number of transactions and the decrypted slots. Simply put, the attacker was able to take advantage of the way the contract handled certain encrypted transaction data, creating a path to drain assets.
The reported loss was approximately $2.19 million for ETH, DAI, and wstETH.
That number isn’t huge by DeFi exploit standards, but the structure of the incident matters more than the total amount. This wasn’t a brand new protocol that failed under heavy use. It was an old contract from an outdated system that still posed risks long after the core user-facing product had been further developed.
Why outdated contracts can still be dangerous
DeFi users often regard inactive protocols as old news. Traders move to new apps, liquidity migrates, teams shift focus, and the market forgets. But blockchains don’t forget. If a contract is still deployed, still queryable, and still contains or has access to assets, it can remain part of the attack surface.
That’s the problem with so-called zombie contracts. They may no longer be central to a project’s roadmap, but they still exist on the chain. If they are immutable, developers may have limited ability to upgrade, pause, or patch them after a vulnerability is discovered.
This creates a difficult safety problem. DeFi is built around transparency and permanence, but that permanence becomes a liability if old systems are left exposed.
For users, the lesson is simple: money left in legacy contracts carries risks that are easily overlooked. Even if a project is in good standing, its legacy infrastructure may not have the same monitoring, liquidity, or emergency response options as an active protocol.
Broader takeaway for DeFi security
The Aztec Connect exploit fits into a broader pattern within DeFi. Many attacks no longer come from obvious front-end scams. They arise from edge cases in contract logic, upgrade assumptions, oracle handling, accounting systems and forgotten infrastructure.
That makes technical post-mortems such as those from SlowMist particularly valuable. They do more than explain one loss. They show how small assumptions when designing smart contracts can become serious vulnerabilities once an attacker finds the right path.
For developers, the case reinforces the need for shutdown planning. Deprecating a protocol should include clear user migration, liquidity withdrawal guidelines, monitoring of remaining contracts, and public communication of residual risks.
For users, this is yet another reason not to leave funds in old DeFi systems just because they once seemed safe.
The exploit may be tied to an outdated contract, but the lesson is current: in crypto, inactive infrastructure can still pose an active risk.
