Wasabi Protocol suffered an exploit that drained more than $5 million across multiple blockchains, according to security firms. The attack began early Thursday and involved a compromised deployer EOA admin key that controlled core contracts. The attacker used the access to execute unauthorized upgrades and move funds across Ethereum, Base, and Blast.
Security firms like PeckShieldAlert reported the incident on X, stating, “Wasabi Protocol has been exploited for $5M+ across multiple chains, including Ethereum, Base, Berachain, & Blast.” Investigators linked the activity to a single address with administrative control over the protocol’s contracts.
Hypernative detected the exploit at 07:48 UTC and issued high-severity alerts. The firm said, “Wasabi Perp Drained for ~$5M+ Across Three Chains via Deployer Key Compromise.” It added that the attack lasted about two hours and affected multiple vaults and liquidity pools.
The attacker used the deployer key to grant ADMIN_ROLE to a malicious contract and execute transactions across several WasabiVault proxies. These included calls to strategyDeposit to redirect collateral. The attacker also upgraded the WasabiLongPool contract to a malicious implementation to transfer remaining balances.
Blockaid reported similar findings, stating, “The Wasabi: Deployer EOA was used to grant ADMIN_ROLE… then UUPS-upgraded the perp vaults and LongPool.”
Funds movement and asset impact
The attacker consolidated the stolen assets into ETH and distributed them across multiple addresses, with some transactions linked to Tornado Cash. The largest single loss totaled ~840.9 WETH, valued at more than $1.9 million. Other affected assets included sUSDC, PEPE, MOG, NEIRO and cbBTC. Wasabi’s total value stood at about $8.5 million before the exploit, according to DeFiLlama data.
The incident did not involve a smart contract vulnerability; the breach is attributed to a compromised private key that enabled administrative access. The attacker used that access to execute transactions through upgradeable proxy contracts.
Official response and wider industry pattern
Wasabi Protocol posted: “We’re aware of an issue and are actively investigating. As a precaution, please do not interact with Wasabi contracts until further notice. We’ll share an update as soon as we have more information.” Users are strongly advised to revoke approvals and avoid interactions.
Virtual’s Protocol froze margin deposits linked to Wasabi integrations following the exploit. The team said its systems remained secure and unaffected. It also warned users against signing Wasabi-related transactions.
This exploit continues a troubling April month, one of the worst for DeFi, where more than $606 million has been stolen through various hacks. The hacks started on April 1, when hackers stole $285 million from the Drift Protocol, which operates on the Solana network. Around April 18, another LayerZero-related hack occurred on KelpDAO, resulting in $292 million being stolen.
Also Read: Kazakhstan Targets Illicit Crypto Network, Seizes $3.2M in USDT
