June 14, 2026, 12:26:23 PM UTC, Aztec Connect, the privacy protocol on Ethereum that has been deprecated for 3 years and is immutable, experienced an exploit totaling ~$2.1-2.19 million. This incident was independently confirmed by two on-chain security firms, CertiK Alert and BlockSec Phalcon, almost simultaneously, and was officially acknowledged by the Aztec Foundation and Aztec Labs through their verified accounts.
The drained funds consisted of 908,987 ETH (~$1.51 million) and six ERC-20 tokens (DAI, wstETH, yvDAI, yvWETH, LUSD, yvLUSD) valued at approximately ~$662 thousand, all transferred to address 0x0F18D8b44a740272f0be4d08338d2b165b7EdD17, which is now tagged "Aztec Exploiter 1" by Etherscan. The attacker's wallet was initially funded with 0.1 ETH from Tornado Cash 7 hours before execution, then deployed eight smart contracts in a burst, one of which was used as an intermediary to call a custom function that triggered the transfer of funds from the Aztec Connect contract.
Aztec Foundation has officially stated that this incident is unrelated to the AZTEC token (ERC-20) smart contract or the currently operating Aztec Network; Aztec Connect is an older, separate product.
The technical mechanism of the exploit is still under investigation by both security firms, and to date, the funds from the exploit have not moved from the attacker's address.
References:
https://etherscan.io/address/0x0F18D8b44a740272f0be4d08338d2b165b7EdD17
https://etherscan.io/tx/0x074ec9317d8336db37e8c348fbdd7515573ff4088239c77ab429f522509aeeb1
https://x.com/aztecFND
https://www.weex.com/news/detail/certik-aztec-router-contract-suspected-of-being-attacked-approximately-219-million-in-assets-flowed-out-abnormally-jsewnat0t14g3xswejwioy60
The drained funds consisted of 908,987 ETH (~$1.51 million) and six ERC-20 tokens (DAI, wstETH, yvDAI, yvWETH, LUSD, yvLUSD) valued at approximately ~$662 thousand, all transferred to address 0x0F18D8b44a740272f0be4d08338d2b165b7EdD17, which is now tagged "Aztec Exploiter 1" by Etherscan. The attacker's wallet was initially funded with 0.1 ETH from Tornado Cash 7 hours before execution, then deployed eight smart contracts in a burst, one of which was used as an intermediary to call a custom function that triggered the transfer of funds from the Aztec Connect contract.
Aztec Foundation has officially stated that this incident is unrelated to the AZTEC token (ERC-20) smart contract or the currently operating Aztec Network; Aztec Connect is an older, separate product.
The technical mechanism of the exploit is still under investigation by both security firms, and to date, the funds from the exploit have not moved from the attacker's address.
References:
https://etherscan.io/address/0x0F18D8b44a740272f0be4d08338d2b165b7EdD17
https://etherscan.io/tx/0x074ec9317d8336db37e8c348fbdd7515573ff4088239c77ab429f522509aeeb1
https://x.com/aztecFND
https://www.weex.com/news/detail/certik-aztec-router-contract-suspected-of-being-attacked-approximately-219-million-in-assets-flowed-out-abnormally-jsewnat0t14g3xswejwioy60