$2.19M stolen from deprecated Aztec Connect smart contract

min

**Aztec Connect Legacy Contract Exploited for $2.19M**

A $2.19M theft hit Aztec Connect’s old infrastructure, SlowMist reports.
The exploited smart contract was part of a deprecated system, not the current Aztec network.

The breach underscores a core DeFi risk — **immutable legacy contracts** can remain exploitable for years after a protocol moves on.

  • SlowMist’s analysis confirms attackers targeted an abandoned Aztec Connect contract.
  • No compromise detected in Aztec’s active protocol.
  • Issue stems from immutable code staying on-chain with live permissions or assets.
  • Users interacting with old contracts face operational and security risk even post-deprecation.

Legacy contracts differ from traditional software — they cannot be patched or removed. If funds remain and permissions stay valid, they form an ongoing attack surface.

SlowMist notes the immutability trade-off: it prevents arbitrary rule changes but limits response once vulnerabilities appear.
This incident shows that sunsetting a protocol does not erase its risk profile.

**Key takeaways for traders and developers:**
- Verify whether a protocol still supports a contract before interacting.
- Check for migration paths, monitoring, and withdrawal options.
- For builders, plan deprecation with clear warnings, timeframes, and emergency procedures.

Abandoned on-chain infrastructure can stay part of DeFi’s security perimeter for years — attackers will keep scanning it for unclaimed assets and overlooked permissions.