Crimes and Fraud News

Hackers Drain $2.1M From Abandoned Aztec DeFi Protocol

Nana K.

15 June 2026 2 min read

An unknown attacker siphoned more than $2.1M from the deprecated Aztec Connect protocol on Ethereum.

The attack happened on June 14, 2026. The exploit was possible due to incomplete proof verification. CertiK specialists explained that the computeRootHashes() function only checked the start of the proof data—while the parameters for token transfers were buried in the middle. That allowed the attacker to manipulate withdrawal operations.

Hot topic: Bitcoin Price Hits Two-Week High amid Hormuz Deal

The Aztec Foundation was made aware of a potential exploit targeting Aztec Connect which occurred earlier today, June 14, 2026. There are no links between this product and any smart contracts related to the AZTEC ERC20 token, or current Aztec network.

Aztec Connect was… https://t.co/R3eImP8kCR
— Aztec Foundation (@aztecFND) June 14, 2026

Contents

1.How the Hacker Bypassed Security and What Was Stolen
2.Why the Aztec Connect Hack Matters for DeFi

How the Hacker Bypassed Security and What Was Stolen

BlockSec broke down the mechanics. Verified transactions on the Aztec Connect contract weren’t “effectively tied” to the set of transactions confirmed by the ZK-proof. That created a mismatch between the verification logic and Ethereum’s (ETH) settlement logic.

Correct: after diving into the details, our analysis shows that the actual root cause of the @aztecnetwork incident was a mismatch between the verified rollup transaction set and the L1 settlement processing boundary (i.e., numRealTxs / _numTxs).

In Aztec Connect’s… https://t.co/pjAXkXX8Qp pic.twitter.com/nWX8v0HJie
— BlockSec Phalcon (@Phalcon_xyz) June 15, 2026

The attacker submitted seven transactions where the smart contract credited value without on-chain validation, generating unbacked balances for withdrawal.

Total damage: about $2.19M. The haul includes 909 ETH▲$1,811.06, 270,000 DAI▲$0.9998, 167 wrapped staked ether (wstETH), and several other tokens. All of them were sitting on the non-upgradable Aztec Connect Router contract.

#CertiKInsight 🚨

We have detected a suspicious transaction that drained @aztecnetwork Router contract of ~$2.19M by 0x0f18d8b44a740272f0be4d08338d2b165b7edd17 on Ethereum.https://t.co/MizKXnEkTM

Stay Vigilant! pic.twitter.com/iUYMtenQYY
— CertiK Alert (@CertiKAlert) June 14, 2026

The Aztec Foundation stressed that the incident does not affect the AZTEC ERC-20 token or the current Aztec network, a modern privacy-focused ZK-rollup L2. But the vulnerability hit an old product that developers abandoned three years ago.

“Aztec Labs does not hold administrative keys and cannot pause or upgrade the system,” the organization said.

Why the Aztec Connect Hack Matters for DeFi

This exploit is a reminder of a hidden danger in decentralized finance. Even abandoned, fully immutable smart contracts can remain tempting targets if they still hold liquid assets.

According to DeFiLlama, about $44M has already been stolen in June 2026 across at least 12 attacks. The largest was the $30M private key compromise of Humanity Protocol on June 8, followed by the $8M Syscoin Bridge hack the day before the Aztec incident. Days earlier, hackers drained about $1.3M from five deprecated Raydium liquidity pools on Solana (SOL).

While May’s hack losses were down 87.4% from April’s record-breaking $635 million-plus, DeFi security remains a serious problem.

Learn more: How KelpDAO Lost $292M — Inside 2026’s Biggest DeFi Hack and What Went Wrong