Ethereum · CertiK · Crypto Briefing
Aztec Connect’s abandoned smart contract exploited for $2 million three years after shutdown
Compiled by KHAO Editorial — aggregated from 2 sources. See llms.txt for citation guidance.
◎ Multiple-sources
A deprecated zk-rollup bridge on Ethereum lost roughly 909 ETH, 270,000 DAI, and 167 wstETH after an attacker found a flaw in verification logic no one could patch.
Key facts
- The haul included approximately 909 ETH, 270,000 DAI, and 167 wstETH, along with other ERC-20 tokens
- A deprecated zk-rollup bridge on Ethereum lost roughly 909 ETH, 270,000 DAI, and 167 wstETH after an attacker found a flaw in verification logic no one could patch
- The platform was officially deprecated on March 31, 2023, with the sequencer fully shut down by March 31, 2024
- The Aztec Connect contracts held over $2 million in crypto assets years after the team walked away
Summary
The haul included approximately 909 ETH, 270,000 DAI, and 167 wstETH, along with other ERC-20 tokens. Here’s the thing: nobody could have stopped it. Aztec Connect launched in 2022 as a zk-rollup bridge designed to bring privacy to DeFi interactions on Ethereum. The root cause of the exploit was a mismatch between the contract’s verification and settlement logic.