Wasabi Protocol Exploit Drains Over $5M After Admin Key Takeover

Highlights:
- Wasabi Protocol lost over $5 million after the attacker gained deployer admin access.
- Blockaid linked the drain to malicious contract upgrades and missing admin safeguards.
- Security firms traced the exploit across Ethereum, Base, Berachain, and Blast.

DeFi derivatives platform Wasabi Protocol suffered a multi-chain exploit on Thursday after an attacker gained control of the project’s deployer admin key. The incident drained an estimated $4.5 million to more than $5 million from its perp vaults and liquidity pools. The attack affected Ethereum, Base, Berachain, and Blast, with losses spread across several vault contracts.

Admin Key Control Opened the Route Into Vaults
Blockaid said the attacker used the deployer key to grant fresh admin privileges through Wasabi’s permission system. This step gave the attacker control over sensitive contract functions without any delay. After that, a helper contract upgraded Wasabi’s perp vaults and LongPool into malicious versions.
The exploit centered on UUPS upgradeability, a common contract design that lets developers change contract logic without moving users to new addresses. However, that flexibility turns dangerous when one wallet controls upgrades. In this case, the attacker changed the logic and then drained assets.
🚨 Blockaid's exploit detection system identified an on-going admin-key compromise exploit on @wasabi_protocol across Ethereum and Base. The Wasabi: Deployer EOA was used to grant ADMIN_ROLE to an attacker helper contract, which then UUPS-upgraded the perp vaults and LongPool to…
— Blockaid (@blockaid_) April 30, 2026
Blockaid further added that Wasabi Protocol lacked a timelock or multisig around the admin role. Therefore, a single compromised key had full authority over major protocol changes. A timelock would have delayed the upgrade, while a multisig would have required several signers.
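
The sequence Blockaid describes, a deployer key granting ADMIN_ROLE to a new contract that then upgrades several proxies, can be watched for in event data. The following is an added example, not code from Wasabi or Blockaid. It assumes events already decoded into dicts shaped like OpenZeppelin AccessControl's RoleGranted and ERC-1967's Upgraded, with a `caller` field taken from transaction traces; every address, the allowlist and the block window are constructed placeholders.

```python
# Added example: flag admin-role grants to unexpected accounts and proxy
# upgrades performed by a freshly granted admin. All data below is constructed.

TRUSTED_ADMINS = {"0xTIMELOCK"}  # assumption: only a timelock should hold ADMIN_ROLE
WINDOW_BLOCKS = 50               # assumption: grant-to-upgrade correlation window

# Constructed, already-decoded events. "caller" is the msg.sender of the upgrade
# call and would come from a transaction trace, not from the Upgraded log itself.
SAMPLE_EVENTS = [
    {"block": 40, "event": "Upgraded", "proxy": "0xVAULT_B", "caller": "0xTIMELOCK"},
    {"block": 100, "event": "RoleGranted", "role": "ADMIN_ROLE",
     "account": "0xHELPER", "sender": "0xDEPLOYER"},
    {"block": 101, "event": "Upgraded", "proxy": "0xVAULT_A", "caller": "0xHELPER"},
    {"block": 101, "event": "Upgraded", "proxy": "0xLONG_POOL", "caller": "0xHELPER"},
    {"block": 900, "event": "Upgraded", "proxy": "0xVAULT_C", "caller": "0xOTHER"},
]


def find_alerts(events, trusted=TRUSTED_ADMINS, window=WINDOW_BLOCKS):
    """Return (kind, block, subject) tuples in chain order."""
    alerts = []
    fresh_grants = {}  # account -> block at which it received ADMIN_ROLE
    for ev in sorted(events, key=lambda e: e["block"]):  # stable: keeps log order
        if ev["event"] == "RoleGranted" and ev["role"] == "ADMIN_ROLE":
            if ev["account"] not in trusted:
                fresh_grants[ev["account"]] = ev["block"]
                alerts.append(("untrusted_admin_grant", ev["block"], ev["account"]))
        elif ev["event"] == "Upgraded":
            caller = ev["caller"]
            if caller in trusted:
                continue  # upgrade went through the expected governance path
            granted_at = fresh_grants.get(caller)
            if granted_at is not None and ev["block"] - granted_at <= window:
                kind = "upgrade_by_fresh_admin"  # grant followed quickly by upgrade
            else:
                kind = "upgrade_by_untrusted_caller"
            alerts.append((kind, ev["block"], ev["proxy"]))
    return alerts


def proxies_to_review(alerts):
    """Proxies whose logic changed outside the trusted path, deduplicated."""
    return sorted({subj for kind, _, subj in alerts if kind.startswith("upgrade_")})


if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_EVENTS):
        print(alert)
```

With a timelock in place, the grant alert would fire while the upgrade is still queued, which is the delay the paragraph above refers to.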
The affected contracts included wWETH, sUSDC, wBITCOIN, wPEPE, and Long Pool vaults on Ethereum. On Base, Blockaid listed sUSDC, wWETH, sBTC, sVIRTUAL, sAERO, and sBRETT vaults among the compromised pools.
Blockaid also warned that Wasabi and Spicy LP-share tokens had lost their backing or still faced risk while the deployer key remained active. As a result, traders treated the related LP positions as impaired after the vault balances disappeared.

Security Firms Track Funds Across Several Chains
PeckShield said the attack ran across Ethereum, Base, Berachain, and Blast. Meanwhile, BlockSec reported traces indicating that Tornado Cash-funded accounts were granted admin-related roles. Those accounts then interacted with LongPool, ShortPool, and Vault contracts tied to the platform.
Cyvers also stated that the attacker extracted several assets, including WETH, PEPE, MOG, USDC, ZYN, REKT, cbBTC, AERO, and VIRTUAL. The funds later moved into ETH, crossed back to Ethereum, and spread across multiple addresses.
Meanwhile, the Wasabi Protocol team has acknowledged the issue on X and said it has started an investigation. It also told users not to interact with Wasabi contracts until it shared another update. Separately, Virtuals Protocol said its own security remained intact, yet it froze Wasabi-powered margin deposits as a precaution.
We're aware of an issue and are actively investigating.
As a precaution, please do not interact with Wasabi contracts until further notice.
We'll share an update as soon as we have more information. Thanks for your patience.
— Wasabi Protocol 🟢 (@wasabi_protocol) April 30, 2026

April Losses Deepen Across DeFi Markets
The Wasabi Protocol incident came during a brutal month for DeFi security. In April alone, reported losses have exceeded $600 million across at least 25 protocols, with Kelp DAO suffering the month’s largest exploit.
On April 19, Kelp DAO suffered a $292 million loss after an attacker exploited its LayerZero bridge using a single-verifier configuration. The attacker released unbacked rsETH, which the attacker then used as collateral to borrow real ether from Aave.
Meanwhile, ZetaChain reported a GatewayEVM exploit on April 26 that resulted in losses of $333,868. In this case, the attacker targeted its cross-chain messaging pipeline and drained funds from three controlled wallets.
Raymond Munene
Raymond Munene is a crypto content writer who contributes to Crypto2Community. With over three years of experience, he is interested in Bitcoin, Blockchain, and Technical Analysis. Focusing on daily market analysis, his research helps traders and investors alike. His particular interest in cryptocurrency and blockchain aids his audience.







