An attacker drained roughly $2.18 million from Aztec Connect, the shut down zk.money privacy rollup, on Ethereum. They submitted forged validity proofs that the rollup's own verifier accepted, which let them withdraw all of the remaining funds, about 909 ETH plus DAI, wstETH, LUSD and some Yearn vault tokens, straight into their own wallet in a single transaction. Aztec Connect was retired in 2024 and its contracts are frozen and unmaintained, so the flaw could not be patched. This is the older zk.money product, not the live Aztec Network, which was not affected. As of now the stolen funds are sitting untouched in the attacker's wallet.
Live Aztec Networksafe(separate, current system, not affected)
Active Aztec userssafe
Aztec Connect leftover depositsdrained(roughly $2.18 million in ETH, DAI, wstETH, LUSD and Yearn vault tokens, drained in full)
What the score saw
We assessed Aztec Connect on June 3, eleven days before the exploit, and rated its risk on the cautious side. Our two weakest scores were its reliance on the zero-knowledge proving system underneath it, and its end-of-life, unmaintained status. That is exactly where this hack landed: a soundness failure in the proving system, on frozen contracts that could no longer be patched. The assessment named the weak spots that were exploited.
Exploit anatomy
The attacker deployed a set of helper contracts, then called their orchestrator, which submitted forged validity proofs to the Aztec Connect rollup. The rollup's verifier accepted the proofs as valid, and about 909 ETH plus DAI, wstETH, LUSD and Yearn vault tokens were released into the attacker wallet, where they remain.
unmaintained rollup has no monitor, freeze, or governance clawback to stop the drain
missing control
Untouched
Safe. The live Aztec Network L2 and its current contracts were not affected. This was the deprecated zk.money product.
Mechanism
The attacker submitted forged rollup validity proofs that Aztec Connect's genuine verifier accepted, authorizing a withdrawal of all residual funds. Not a contract bug, a proving-system soundness failure on an immutable, unmaintained rollup.
In a single transaction the attacker called the orchestrator, which drove a helper contract to submit a sequence of seven rollup proofs to the Aztec Connect rollup processor.
For each proof the rollup processor delegated to its implementation and called the on-chain verifier, which ran the elliptic curve pairing check and accepted the proof as valid. The verifier is the genuine Aztec contract, not a replacement.
The final accepted proof encoded a withdrawal of all remaining funds. About 908.99 ETH plus DAI, wstETH, LUSD, and Yearn vault tokens (yvDAI, yvWETH, yvLUSD) were released to the attacker wallet, roughly $2.18 million in total.
Aztec Connect (zk.money) is a zero-knowledge rollup that releases funds whenever a submitted rollup proof is accepted by its on-chain verifier. The verifier (Verifier28x32 at 0xb7baa1420f) and the implementation (RollupProcessorV3 at 0x7d657ddc) are the genuine Aztec contracts deployed at the product's 2024 sunset, and the attacker did not replace them. The attacker instead produced forged validity proofs that the genuine verifier accepted, authorizing a withdrawal of all residual assets to themselves. This is a soundness failure in the proving system: a proof verified for a state transition that should have been impossible. It aligns with Aztec's own March 2026 disclosure of a critical proving-system vulnerability whose fix is held until a July 2026 release. The live Aztec Network defends against the same class with validator re-execution, but the frozen, immutable Aztec Connect contracts cannot be patched and their verification key cannot be rotated, so the leftover funds were exposed the moment the flaw became exploitable.
Prevention analysis
Similar incidents
FOOMCASH (2026)
A zero-knowledge verifier soundness flaw (a mistake in the Groth16 verifier's elliptic curve constants) let an attacker forge proofs and drain about $2.26 million. Same class: a valid-looking proof for an invalid action.
Zcash Orchard (2026)
A spend-authorization forgery flaw in a zero-knowledge proof system, disclosed June 2026 and fixed by an emergency hard fork. Same family: the proof system fails to bind what it is meant to prove.
Remediation
1.Treat this as unrecoverable on-chain. The contracts are immutable and unmaintained, so there is no patch, pause, or upgrade available for Aztec Connect.
2.Users with leftover zk.money balances should assume the residual pool is drained and follow any official Aztec guidance.
3.Across the industry, any immutable on-chain zero-knowledge verifier with a fixed verification key should ship with a rotation or pause path, and ideally an independent re-execution check, so a proving-system flaw cannot become an instant drain.
4.Sweep residual balances out of retired contracts at end-of-life rather than leaving them behind a frozen verifier.
Timeline
2024-03-31Aztec Connect (zk.money) reaches end-of-life and is retired.
2024-04-08Final rollup implementation and verifier deployed, enabling permissionless withdrawals.
2026-03-17Aztec discloses a critical proving-system vulnerability, with the fix deferred to a July 2026 release.
