The abandoned protocol has been hit twice in seven days. We break down what happened to the DeFi protocol and who was affected by the second exploit.
On June 18, an attacker withdrew about $2.2M—1,158 Ethereum (ETH), 150K DAI, and 0.47 renBTC. That follows the June 14 hack, which drained $2.1M.
SlowMist and BlockSec confirmed the attack used a vulnerability in the escapeHatch function—a mechanism designed for emergency user withdrawals. The problem: the function had no access control checks. It didn’t verify that the person actually owned the assets. The contract simply accepted forged proofs.
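The following is an added illustration, not Aztec Connect's contract or verifier code: a simplified Python model of an emergency-withdrawal path that checks a proof without tying it to the caller, next to a version that binds the claim to the caller and pays each balance only once. The Merkle-tree layout, the `Vault` class, the function names and the sample balances are all assumptions made for the example; `caller` stands for the authenticated transaction sender.

```python
import hashlib

def h(*parts):
    return hashlib.sha256(b"".join(parts)).digest()

def leaf(owner, asset, amount):
    # Balance commitment: the owner is part of the hashed data.
    return h(b"\x00", f"{owner}|{asset}|{amount}".encode())

def build(leaves):
    levels = [leaves]  # Merkle levels, bottom-up (power-of-two leaf count)
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([h(b"\x01", cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def prove(levels, index):
    path = []
    for level in levels[:-1]:
        path.append(level[index ^ 1])  # sibling at this level
        index //= 2
    return path

def verify(root, node, index, path):
    for sibling in path:
        node = h(b"\x01", node, sibling) if index % 2 == 0 else h(b"\x01", sibling, node)
        index //= 2
    return node == root

class Vault:
    def __init__(self, root):
        self.root, self.claimed = root, set()

    def escape_weak(self, caller, owner, asset, amount, index, path):
        # Shows that *some* balance exists, then pays the caller: no owner check, no replay check.
        return verify(self.root, leaf(owner, asset, amount), index, path)

    def escape_hardened(self, caller, asset, amount, index, path):
        # Leaf is rebuilt from the caller's identity, and each leaf pays out once.
        claim = leaf(caller, asset, amount)
        if claim in self.claimed or not verify(self.root, claim, index, path):
            return False
        self.claimed.add(claim)
        return True

# Constructed sample state (not real balances or addresses).
BALANCES = [("alice", "DAI", 100), ("bob", "ETH", 5), ("carol", "DAI", 7), ("dave", "ETH", 1)]
LEVELS = build([leaf(*b) for b in BALANCES])
ROOT = LEVELS[-1][0]
```

In the weak variant a caller who is not in the tree can be paid against another owner's entry, and repeatedly; the hardened variant rejects both cases because the proof only verifies for the caller's own leaf and that leaf is recorded once claimed.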
Why the Aztec Attack Can’t Be Stopped: Immutable Contracts, No Keys
Aztec Connect was shut down back in March 2023, when the team moved to a new network. After the closure, Aztec Labs gave up its admin keys, making the smart contracts fully immutable. They can’t be upgraded, patched, or paused. The team has no technical way to intervene.
Importantly, the incident does not affect the AZTEC token or the current Aztec network—this is a completely separate system.
SlowMist analysts noted that the vulnerable mechanism was removed from the main codebase, but the deployed contract still contained the old verification module.
“Old contracts continue to be targets for hackers. When protocols wash their hands of maintenance, they become even more attractive targets,” Blockful warned.
Old Smart Contracts Are a Growing DeFi Threat
June also saw a $1.3M hack of Raydium via deprecated liquidity pools. These incidents show that even abandoned smart contracts remain tempting targets as long as they hold funds.
According to DeFiLlama, about $44M has been stolen across at least 12 attacks in June 2026 alone. This period has been one of the worst for DeFi, with more than 30 protocols hacked for over $600M, including the record $292M Kelp DAO exploit.
For investors, this is a reminder to regularly audit positions in old protocols and withdraw funds from contracts that are no longer supported. For developers, the lesson is clear: giving up admin keys should only happen after all assets have been cleared out. Otherwise, “abandoned” money becomes a prime target.

