BEARISH 📉 : Attacker drains $2.19M from deprecated Aztec Connect contract, SlowMist reports

**Aztec Connect Deprecated Contract Exploited for $2.19M**

A legacy Aztec Connect smart contract was exploited for about $2.19 million, according to SlowMist. The breach hit the RollupProcessorV3 contract, long inactive but still live on-chain.

Assets stolen included ETH, DAI, and wstETH.
The attacker exploited a boundary-gap vulnerability between transaction counts and decoded slots, which caused encoded data to be handled improperly and allowed the funds to be drained.

The protocol had been deprecated, but the immutable contract could not be paused.
SlowMist calls this an example of “zombie” smart contracts — abandoned by teams but still holding assets and vulnerable to attack.

Old DeFi infrastructure poses ongoing security risks:

  • Contracts remain callable and funded even after official shutdown.
  • Immutable code limits developer options to patch or pause.
  • Inactive systems often lack monitoring or emergency response.

The case highlights the need for full shutdown planning — user migration, liquidity withdrawal, and public residual risk warnings — when deprecating protocols.

**Key takeaway:** Funds left in outdated smart contracts can be as exposed as those in active systems. In crypto, on-chain permanence means inactive code may still be an active threat.