Aztec Protocol Hit by Two $2.1M Exploits in One Week
Aztec suffered back-to-back $2.1M exploits within days, raising alarms about risks lurking in abandoned smart contracts.
If you thought one $2.1 million hack in a week was bad, Aztec apparently had to learn that lesson twice. The privacy-focused DeFi protocol was hit by a second exploit totaling $2.1 million in less than seven days, according to blockchain security firm SlowMist. Two separate incidents, same price tag — that's a rough stretch by any measure.
The bigger takeaway here isn't just the dollar amount, though. Security researchers are using this incident to flag something the broader crypto world tends to overlook: deprecated smart contracts don't just quietly retire. Once a project stops maintaining a contract, it can sit on-chain essentially forever, and if it has a vulnerability baked in, that vulnerability doesn't disappear with the dev team's attention. Think of it like leaving an unlocked door on a building you no longer use — someone will eventually notice.
This is a particularly gnarly problem in DeFi, where protocols regularly launch new versions and shift users to upgraded contracts, but the old ones keep humming along on the blockchain. There's no "patch Tuesday" in crypto. If a deprecated contract holds or can access funds, it becomes a slow-moving target for anyone patient enough to probe it.
For everyday crypto users, this serves as a solid reminder to double-check which contract version you're actually interacting with. Old integrations, third-party frontends, or forgotten wallet approvals can quietly keep you connected to contracts nobody is watching anymore. Revoking unused token approvals is a small habit that can make a meaningful difference.
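As an added illustration of the allowance check the paragraph recommends (this is example code written for this page, not anything published by Aztec, SlowMist or Cointelegraph), the script below replays ERC-20 `Approval` event logs to reconstruct which allowances an owner still has outstanding, flags those that point at contracts the user has marked as deprecated, and builds the `approve(spender, 0)` calldata that revokes each one. Every address and log entry is a constructed placeholder; the only real constants are the standard `Approval` event topic and the `approve(address,uint256)` selector. In practice the logs would come from an `eth_getLogs` query against a node, and because some tokens change allowances without emitting `Approval`, the result should be confirmed with an `allowance(owner, spender)` read before acting on it.

```python
# Added example: find ERC-20 allowances that still point at deprecated contracts
# and build the calldata to revoke them. All addresses/logs are constructed.

# keccak256("Approval(address,address,uint256)"): the standard ERC-20 event topic
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
# 4-byte selector of approve(address,uint256)
APPROVE_SELECTOR = "095ea7b3"
MAX_UINT256 = (1 << 256) - 1


def strip0x(h: str) -> str:
    return h[2:] if h.lower().startswith("0x") else h


def topic_to_address(topic: str) -> str:
    """An indexed address is left-padded to 32 bytes; the address is the last 20."""
    return "0x" + strip0x(topic)[-40:].lower()


def parse_approval(log: dict):
    """Return (token, owner, spender, amount) for an Approval log, else None."""
    topics = log["topics"]
    if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
        return None  # some other event, or a non-standard Approval layout
    amount = int(strip0x(log["data"]), 16)
    return (log["address"].lower(), topic_to_address(topics[1]),
            topic_to_address(topics[2]), amount)


def current_allowances(logs):
    """Replay Approval logs in chain order; the last value per
    (token, owner, spender) is the allowance that is currently live."""
    state = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        parsed = parse_approval(log)
        if parsed is None:
            continue
        token, owner, spender, amount = parsed
        state[(token, owner, spender)] = amount
    return state


def stale_approvals(logs, owner, deprecated_spenders):
    """Non-zero allowances from `owner` to any address in `deprecated_spenders`."""
    deprecated = {d.lower() for d in deprecated_spenders}
    owner = owner.lower()
    return [(token, spender, amount)
            for (token, o, spender), amount in current_allowances(logs).items()
            if o == owner and amount > 0 and spender in deprecated]


def revoke_calldata(spender: str) -> str:
    """ABI-encode approve(spender, 0): selector, 32-byte padded address, 32-byte zero."""
    addr = strip0x(spender).lower()
    if len(addr) != 40:
        raise ValueError("spender must be a 20-byte hex address")
    return "0x" + APPROVE_SELECTOR + addr.rjust(64, "0") + "0" * 64


# ---- constructed sample data (placeholder addresses, not real contracts) ----
OWNER = "0x" + "11" * 20
OLD_ROUTER = "0x" + "22" * 20   # deprecated v1 contract the user wants to cut ties with
NEW_ROUTER = "0x" + "33" * 20   # current contract
TOKEN = "0x" + "44" * 20
TOKEN2 = "0x" + "55" * 20


def make_log(token, owner, spender, amount, block, idx):
    pad = lambda a: "0x" + strip0x(a).lower().rjust(64, "0")
    return {"address": token, "blockNumber": block, "logIndex": idx,
            "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(amount, "064x")}


SAMPLE_LOGS = [
    make_log(TOKEN, OWNER, OLD_ROUTER, MAX_UINT256, 100, 0),  # unlimited, never revoked
    make_log(TOKEN2, OWNER, OLD_ROUTER, 1000, 150, 1),        # later set back to zero
    make_log(TOKEN2, OWNER, OLD_ROUTER, 0, 160, 0),
    make_log(TOKEN, OWNER, NEW_ROUTER, MAX_UINT256, 200, 3),  # current contract, fine
]

if __name__ == "__main__":
    for token, spender, amount in stale_approvals(SAMPLE_LOGS, OWNER, [OLD_ROUTER]):
        print(f"token {token} still allows {spender} to spend {amount}")
        print(f"  revoke by sending to {token}: {revoke_calldata(spender)}")
```

Only the `TOKEN` allowance to `OLD_ROUTER` is reported: the `TOKEN2` approval was already reset to zero, and the `NEW_ROUTER` approval is to a contract that is still maintained. The revoke transaction is an ordinary `approve` call to the token contract with the calldata shown, sent from the owner's own account.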
The back-to-back nature of these exploits suggests the attacker — or potentially different actors — identified a repeatable weakness and moved fast. Whether Aztec or the broader community can contain further damage will likely depend on how quickly the vulnerable contracts can be flagged and drained of any remaining accessible value. Continue reading at Cointelegraph.