$2.1M Drained From Aztec Connect After Legacy Contract Flaw Exploited

• Attacker bypassed proof validation, stole ETH, DAI, wstETH
• Aztec Labs unable to intervene after renouncing contract control

On June 15, 2026, Cryptopolitan reported that Aztec Connect, Aztec Labs’ deprecated privacy bridge, lost $2.1 million in an exploit caused by a long-standing smart contract verification flaw. Security analysts at BlockSec and CertiK flagged the incident, noting that the contract, shut down three years earlier, failed to fully validate proof data during token withdrawals. Instead, its function checked only the initial segment of each proof for validity, leaving subsequent embedded instructions unverified.

This flaw enabled the attacker to include malicious withdrawal instructions within the unchecked portion of proof data. The result was the unauthorized transfer of ETH, DAI, and wstETH from the bridge. Since Aztec Labs had renounced administrative control several years ago, they were unable to upgrade, patch, or prevent further attacks, leaving the remaining bridge assets exposed.

This breach underscores a rising trend in DeFi-related exploits, with over $43 million stolen from smart contracts in June 2026 alone, according to Cryptopolitan. The vulnerability also highlights the persistent risks in legacy contracts that are no longer maintained but still hold significant user funds.

As of June 15, 2026, at 13:09 UTC, Ethereum (ETH) is trading at $1,782.73, up 6.93% in 24-hour volume. Dai (DAI) remains at $1.00 with a 0.02% increase in volume, and Ethena (ENA) trades at $0.087 with a 7.31% volume boost, according to current market survey data.