Aztec Hit by Second Security Breach in Days, Losing Over $2 Million as Legacy Smart Contracts Come Under Scrutiny

The cryptocurrency industry is once again facing difficult questions about the dangers of outdated infrastructure after privacy-focused Ethereum protocol Aztec suffered its second major security breach within days. The latest attack resulted in losses exceeding $2 million, intensifying concerns surrounding abandoned smart contracts and dormant assets left behind on legacy blockchain systems.

Cybersecurity experts say these incidents serve as a warning to decentralized finance (DeFi) projects that old, deprecated contracts can remain attractive targets for hackers even years after they are no longer actively maintained.

Another Multi-Million Dollar Attack Hits Aztec

According to blockchain security researchers, the latest exploit targeted the bridge infrastructure associated with Aztec’s private rollup services. Hackers reportedly stole:

  • 1,158 ETH
  • 150,000 DAI
  • 0.46 RENBTC

The total value of the stolen assets was estimated at approximately $2.15 million.

SlowMist co-founder Cos revealed that preliminary investigations suggest the attacker exploited vulnerabilities related to a fake rollup proof, allowing unauthorized withdrawal of funds from the system.

The attack comes only days after another breach involving Aztec Connect, making this the second security incident to affect the protocol in less than a week.

Aztec Labs Confirms the Incident

Aztec Labs later confirmed the breach and clarified that the attack targeted an immutable smart contract associated with a discontinued payment product launched in 2022.

Importantly, the company stated that it no longer had administrative control over the contract.

Because the contract was immutable and lacked admin keys, there was no mechanism available to intervene once the exploit occurred.

Aztec Labs emphasized that this attack was separate from the previous exploit involving Aztec Connect and insisted that the newer Aztec Network platform remains unaffected.

Legacy Contracts Become Unexpected Targets

Although Aztec Connect was officially deprecated in March 2023, the contract still held assets belonging to users who had not withdrawn their funds.

This lingering presence of dormant assets proved costly.

Hackers managed to exploit vulnerabilities within the old infrastructure and extract more than $2.1 million worth of cryptocurrency.

According to cybersecurity experts, abandoned smart contracts continue to represent significant security risks because they often remain permanently deployed on blockchains and cannot easily be altered or disabled.

These contracts effectively become permanent targets for malicious actors.

Experts Warn About Outdated Infrastructure

Following the latest incidents, blockchain security firm SlowMist urged protocols to migrate assets from deprecated contracts and retire legacy systems more aggressively.

The firm recommended:

  • Organizing systematic asset migrations.
  • Encouraging users to withdraw dormant funds.
  • Monitoring old contracts continuously.
  • Conducting regular security audits.
  • Establishing emergency response mechanisms.

SlowMist warned that many blockchain projects underestimate the risks associated with old infrastructure.
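
As an added illustration of the "monitoring old contracts continuously" recommendation (example code written for this page, not from SlowMist or Aztec): a deprecated contract should only see occasional small user withdrawals, so a monitor can alert when outflows within a short window exceed a fraction of what the contract still held. The balances, events, one-hour window and 10% threshold below are constructed assumptions, and the event tuples stand in for decoded transfer logs.

```python
from collections import defaultdict, deque
from decimal import Decimal

# Constructed sample data for a hypothetical deprecated contract (not real
# on-chain values): balances still held, then (unix_time, asset, amount_out).
BALANCES = {"ETH": Decimal("1200"), "DAI": Decimal("160000")}
EVENTS = [
    (0,     "ETH", Decimal("2")),       # ordinary user withdrawal
    (50000, "DAI", Decimal("500")),     # ordinary user withdrawal
    (90000, "ETH", Decimal("400")),     # bulk outflow begins
    (90060, "ETH", Decimal("758")),
    (90120, "DAI", Decimal("150000")),
]

def detect_drains(balances, events, window_s=3600, max_fraction=Decimal("0.10")):
    """Return (time, asset, fraction) for every outflow that pushes the
    per-asset total withdrawn within window_s above max_fraction of the
    balance the contract held when that window opened."""
    held = dict(balances)
    recent = defaultdict(deque)          # asset -> (time, amount) inside window
    alerts = []
    for ts, asset, amount in sorted(events):
        win = recent[asset]
        while win and ts - win[0][0] > window_s:
            win.popleft()                # drop outflows older than the window
        prior_out = sum(a for _, a in win)
        baseline = held.get(asset, Decimal(0)) + prior_out
        win.append((ts, amount))
        held[asset] = held.get(asset, Decimal(0)) - amount
        if baseline <= 0:
            # Outflow of an asset the tracker believes is empty: always alert.
            alerts.append((ts, asset, None))
            continue
        fraction = (prior_out + amount) / baseline
        if fraction > max_fraction:
            alerts.append((ts, asset, fraction))
    return alerts

if __name__ == "__main__":
    for ts, asset, fraction in detect_drains(BALANCES, EVENTS):
        print(f"ALERT t={ts} asset={asset} window_outflow_fraction={fraction}")
```

On an immutable contract with no admin keys such an alert cannot stop the outflow; its value is in triggering user notification and incident response quickly.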

A Growing Pattern Across DeFi

The Aztec attacks are not isolated incidents.

Several recent cryptocurrency hacks have exposed vulnerabilities in abandoned or outdated systems.

Raydium Loses $1.3 Million

Earlier in June, decentralized exchange Raydium suffered losses of around $1.3 million due to weaknesses linked to legacy infrastructure.

Echo Protocol Exploit

In May, decentralized finance protocol Echo Protocol, built on the Monad blockchain, experienced a massive breach.

Attackers managed to mint approximately 1,000 unauthorized eBTC tokens valued at around $76.7 million.

Security firms PeckShield and Lookonchain discovered that hackers attempted to launder part of the stolen assets through DeFi lending platform Curvance.

About 45 eBTC, worth roughly $3.45 million, were deposited into the protocol.

These incidents highlight a broader problem facing the crypto ecosystem.

Why Old Smart Contracts Remain Dangerous

One of blockchain’s biggest strengths—immutability—can also become a weakness.

Once deployed, many smart contracts cannot be modified or shut down.

Even when protocols stop using them, the contracts remain active on-chain.

If assets are left inside these contracts, hackers may eventually discover vulnerabilities and exploit them.

Risk analysis platform Blockful summarized the issue on social media, stating:

“Old contracts continue to be bug bounties available to hackers. With protocols removing their responsibility to maintain them, they become even more tempting.”

The comment reflects growing concern that outdated infrastructure could become one of the industry’s biggest security challenges.

Why Immutable Contracts Create Problems

Immutable contracts provide transparency and decentralization because no central authority can change their code.

However, this also means:

No Emergency Fixes

Developers cannot patch vulnerabilities after deployment.

No Admin Intervention

If hackers exploit a weakness, teams may have no ability to freeze or recover stolen assets.

Dormant Assets Remain Vulnerable

Forgotten user funds become targets.

Legacy Risks Increase Over Time

As technology evolves, older code may contain flaws that were unknown when initially created.

Security Must Continue Beyond Product Lifecycles

One major lesson from the Aztec breaches is that shutting down a product does not eliminate security responsibilities.

Projects often focus resources on newer platforms while assuming deprecated infrastructure no longer poses risks.

However, as these attacks demonstrate, attackers actively search for forgotten contracts containing dormant assets.

Experts believe protocols should continue maintaining visibility over retired systems even years after discontinuation.

Investor Confidence Faces Another Test

Repeated exploits have raised concerns among investors regarding trust and security in decentralized finance.

Despite billions of dollars being locked in DeFi platforms, attacks continue to expose vulnerabilities that threaten user confidence.

According to blockchain analytics firms, cryptocurrency thefts and hacks have already caused billions of dollars in losses over recent years.

The latest incidents reinforce the need for:

  • Better auditing practices.
  • Continuous monitoring.
  • Stronger risk management.
  • Cross-platform security collaboration.
  • Improved user awareness.

The Future of Smart Contract Security

As blockchain ecosystems mature, experts believe security models must evolve beyond focusing only on active products.

The industry may increasingly adopt:

Automatic Asset Migration Systems

Protocols could automatically transfer funds from deprecated contracts into safer environments.

Time-Based Contract Expiry

Smart contracts may eventually include built-in expiration mechanisms.

Continuous Auditing

AI-powered tools could continuously monitor older code for vulnerabilities.

Insurance and Recovery Mechanisms

Decentralized insurance products could help protect users against unexpected exploits.

Final Thoughts

The second major breach affecting Aztec within days serves as another reminder that cybersecurity challenges in crypto extend far beyond active platforms.

Legacy smart contracts containing dormant assets are emerging as attractive targets for attackers, creating risks that many protocols may have underestimated.

While Aztec Labs clarified that the latest attack involved discontinued products rather than its next-generation network, the incident highlights a larger issue facing the decentralized finance industry.

As blockchain ecosystems continue expanding, maintaining old infrastructure may prove just as important as building new innovations.

In the world of crypto, forgotten code can become an expensive liability—and hackers are always watching.
