The contract validated mathematical proofs but did not check whether the person sending them had authorization.
Old Ethereum contracts are targets of AI attacks.
On June 14, an attacker drained more than $2.1 million from abandoned contracts from Aztec Connect, a decentralized finance (DeFi) protocol on Ethereum with no activity since 2023, as confirmed by Aztec Labs, the company behind Aztec Connect. Security firm BlockSec had previously reported the theft.
Aztec Connect, launched in 2022, worked as a bridge (bridge) of Ethereum with privacy technology based on zero-knowledge proofs (zka system that groups together many transactions and mathematically proves that they are valid without revealing their details).
The protocol was discontinued in March 2023, when the Aztec Labs team stopped accepting deposits and redirected their resources to the current Aztec network. The contract affected by the theft, called RollupProcessorV3continued to contain funds from users who never withdrawn them.
In 2024 Aztec Labs formally resigned to your administrator keys on that contractleaving it completely immutable (without the possibility of pausing it or updating it by anyone, not even its creator).
The transaction that caused the theft, according to BlockSecincluded 909 ETH (ether), 270,000 DAI (a stablecoin), and 167 wstETH (staked ether, a version that continues to generate yield while used in other protocols), in addition to smaller amounts of other assets.
A valid test, but without permission
From BlockSec they assure that the cause of the attack is a Access control failure in processRollup() function of RollupProcessorV3 contract. This function had to verify two things before accepting an operation, that the person sending it was an authorized rollup provider, that is, an address enabled to package the operations of many users into a single batch and send it to the contract to process them all together.
On the other hand, an emergency mechanism known as escape was activated hatch (escape route), designed so that users could withdraw their funds on their own if the system stopped operating. According to BlockSec research, neither condition was actually required in the codewhich left the function open to anyone.
In practice, the contract only checked that the ZK-based cryptographic proof presented was mathematically consistent, without checking who sent it. The attacker took advantage of this omission, as explained by the BlockSec team.
“Initial analysis suggests that the root cause could be a missing access control in processRollup(), a function that should require either an authorized rollup provider or the escape path to be active, but the implementation did not require either condition,” the firm noted.
From another security firm, ExVul, They described the failure as a “valid proof, but without permission” logic, and it was detailed that the attacker presented evidence of rollup falsified that met the mathematical checks without real support in funds, which allowed him to update the system status and execute a series of unauthorized withdrawals.
Abandoned contracts, recurring target
The Aztec Connect case is not an isolated event. In March, CriptoNoticias reported a similar pattern in another contract called Noda, six years old and less than 300 lines of code, which was drained by a signature verification flaw that was never fixed.
The mechanism of that attack was different from that of Aztec Connect (in Noda, the contract accepted any valid signature from an address without checking which operation it corresponded to, while in RollupProcessorV3 the fault was in who could call a function), but both cases share the same root, code deployed years ago, without active maintenance, which still has control over funds or user permissions.
This common point was pointed out by the Keystone team (company that created one of the most used hardware wallets on the market) when analyzing the Noda case, as reported by CriptoNoticias. According to Keystone, when a user approves a DeFi contract to move their tokens, that authorization has no expiration date, so contracts approved six or more years ago continue to have access to those funds even if the protocol is no longer active. A hardware wallet does not mitigate that risk, as it protects the private keys, not the approvals already granted.
Added to this is another aggravating factor: attackers are using artificial intelligence models to trace old contracts on Ethereum and detect vulnerabilities such as those of Noda or Aztec Connect on a scale that would be unfeasible manually. If this hypothesis is confirmed, the universe of “forgotten” contracts with active funds or permits would go from being a dispersed risk to a systematic target. According to Maximilano Carjuzaa, co-founder of Mooney On Chain, almost 100% of the exploits found in recent months were related to the use of AI in some way.
The paradox is that the same technology that could be used to find these flaws also generates them. In February 2025, the Moonwell protocol lost $1.7 million due to an error in a contract written with the assistance of an AI model, which passed all human reviews undetected. Between old contracts that no one reviews and new code that is also not reviewed enough, the question of how many vulnerabilities of this type remain undiscovered in Ethereum is left open.