Outdated Aztec Connect Contract Breached for $2.19M, SlowMist Reports
Deprecated Aztec Connect Contract Exploited For $2.19M, SlowMist Says
Blockchain security firm SlowMist said a deprecated Aztec Connect smart contract was exploited for $2.19 million, highlighting how older onchain components can remain a security risk even after they are no longer actively used.
Based on SlowMist’s assessment, the incident involved a contract tied to Aztec Connect that had been deprecated—meaning it was intended to be phased out or no longer relied upon—yet was still accessible onchain and vulnerable to abuse.
Smart contracts are typically immutable once deployed, which can leave discontinued or legacy contracts exposed indefinitely. Even when a project has moved on from a specific product or integration, attackers may target outdated contracts if they can still be interacted with and contain exploitable logic or permissions.
The incident matters beyond the immediate loss because it underscores a recurring operational challenge across crypto protocols: decommissioning is not the same as removal. Projects often need clear shutdown procedures—such as disabling entry points, revoking allowances, or otherwise limiting interactions—to reduce the attack surface of deprecated deployments.
SlowMist did not provide additional details in the provided information about the attacker’s method, which assets were affected, or whether any funds were recovered.
