Wasabi Protocol Exploit Drains Over $5M Across Multiple Chains As Admin Key Compromise Suspected
Web3 security incident has affected Wasabi Protocol across multiple blockchains, with on-chain activity indicating losses exceeding $5 million on networks including Ethereum, Base, Berachain, and Blast, according to Web3 security services provider PeckShield.
Security monitoring firm Phalcon offered a preliminary analysis suggesting that accounts previously funded through Tornado Cash were later assigned ADMIN_ROLE-related permissions and participated in flows involving WasabiLongPool, WasabiShortPool, and WasabiVault contracts. The findings were shared for public visibility, with calls for further clarification regarding fund transfers and administrative role changes.
Separately, blockchain security platform Blockaid reported that a deployer externally owned account was used to grant administrative privileges to an attacker-associated contract, which then executed upgrade actions through a UUPS mechanism, replacing vault and perpetual pool implementations with malicious versions that drained user balances.
Blockaid further assessed that all Wasabi and related liquidity provider share tokens issued by the affected vaults should be considered compromised, as the underlying collateral had been drained or placed at risk while the deployer key remained active. The report noted that while token balances may still display nominal value, actual redemption value had effectively dropped to zero or was rapidly declining. Contracts cited as impacted included multiple vaults such as wWETH, sUSDC, wBITCOIN, and wPEPE on Ethereum, as well as sUSDC, wWETH, sBTC, sVIRTUAL, sAERO, and sBRETT vaults on Base, according to the security assessment.
On-chain analyst Cos raised concerns over the structure of control within the protocol, estimating losses above $4.5 million and highlighting that a single externally owned account appeared to govern multiple upgradeable vaults without multisignature protection, timelock mechanisms, or DAO-based oversight. Independent investigator ZachXBT similarly questioned the absence of standard security safeguards, suggesting that a leaked private key may have enabled the exploit.
Exploit Triggers Investigation And Precautionary Measures Across Wasabi Partner Networks
In response to the incident, Wasabi Protocol stated that an investigation was underway and advised users not to interact with its contracts until further notice, with additional updates promised as more information becomes available.
Berachain, one of the affected networks, also issued a warning advising users to withdraw funds immediately, estimating that approximately $50,000 in user funds on its network could be affected. Users were directed to revoke permissions using revoke.cash, while reward vault operations were temporarily paused as a precaution.
Virtuals Protocol separately stated that its own systems remained secure but confirmed that it had suspended margin deposits integrated with Wasabi infrastructure as a precautionary measure.
Users holding Wasabi liquidity provider tokens were broadly advised to revoke any active approvals tied to vault contracts, given that the collateral backing these instruments had been drained or remained at risk.
Wasabi Protocol operates as a perpetuals trading platform on Ethereum and Base, offering leveraged trading, token swaps, and yield features with leverage of up to 20x. The protocol is designed so that leveraged positions are backed by underlying assets held in custody rather than synthetic exposure, with ETH positions reportedly collateralized by actual ETH held within the system.
Disclaimer
In line with the Trust Project guidelines, please note that the information provided on this page is not intended to be and should not be interpreted as legal, tax, investment, financial, or any other form of advice. It is important to only invest what you can afford to lose and to seek independent financial advice if you have any doubts. For further information, we suggest referring to the terms and conditions as well as the help and support pages provided by the issuer or advertiser. MetaversePost is committed to accurate, unbiased reporting, but market conditions are subject to change without notice.
About The Author
Alisa, a dedicated journalist at the MPost, specializes in crypto, AI, investments, and the expansive realm of Web3. With a keen eye for emerging trends and technologies, she delivers comprehensive coverage to inform and engage readers in the ever-evolving landscape of digital finance.
More articles
Alisa, a dedicated journalist at the MPost, specializes in crypto, AI, investments, and the expansive realm of Web3. With a keen eye for emerging trends and technologies, she delivers comprehensive coverage to inform and engage readers in the ever-evolving landscape of digital finance.
