A legacy Aztec Connect contract was exploited years after it was shut down, but the current Aztec infrastructure is not affected.
Frequently Asked Questions
Here is a list of FAQs about the Aztec Connect contract draining written in a natural conversational tone
BeginnerLevel Questions
Q What is Aztec Connect
A It was a privacyfocused service built on top of Ethereum that allowed people to make private transactions It was shut down three years ago
Q What exactly happened
A A hacker drained 21 million from the old inactive Aztec Connect contract Even though the service was shut down the contract still held funds and someone found a way to take them
Q Who lost the money
A The money belonged to users who had previously deposited funds into the Aztec Connect system and never withdrew them before it shut down
Q How did they steal the money from a shut down contract
A Even when a service is shut down the smart contract code still exists on the blockchain The hacker exploited a vulnerability in that old code to move the funds
Q Is my money safe if I used Aztec Connect
A If you withdrew your funds before the shutdown you are safe If you left money in the contract it is likely gone
IntermediateLevel Questions
Q Why was there still 21 million in a contract that was shut down three years ago
A Many users forgot about their deposits lost their private keys or simply assumed the funds would be safe forever The project likely didnt force a withdrawal or move the funds to a secure vault
Q Was this a hack or a legal exploit
A Its technically an exploit The hacker used the contracts code as it was written but in a way the original developers didnt intend Its generally considered theft
Q Could the Aztec team have prevented this
A Yes They could have created a withdrawal mechanism to move all remaining funds to a secure multisig wallet before shutting down or they could have frozen the contract
Q How was the vulnerability discovered
A The details are still emerging but it likely involved a public function in the old contract that was meant to be called only by the system but wasnt properly protected The hacker found this loophole
Q Can the funds be recovered
A Its very unlikely Blockchain