Wasabi Protocol Loses $5M in Admin Key Hack Across Three Chains

Wasabi Protocol Loses $5M in Admin Key Hack Across Three Chains

N
News Editor 01
2026-07-08 14:20:16
On April 30, 2026, Wasabi Protocol suffered a key management breach losing approximately $4.5–5.5 million across Ethereum, Base, and Blast chains. The attacker exploited the deployer's private key to upgrade proxy contracts and drain funds. Users are urged to revoke approvals immediately.
Wasabi ProtocolDeFi SecurityPrivate Key LeakCross-Chain AttackApril 2026 Hacks

On April 30, 2026, decentralized finance protocol Wasabi Protocol suffered a critical security incident when an attacker seized the deployer EOA admin key, draining an estimated 4.5 to 5.5 million dollars from perp vaults and liquidity pools across three blockchains: Ethereum, Base, and Blast. This incident adds to a devastating month for DeFi, which has seen over 600 million dollars in losses across roughly a dozen confirmed exploits.

Attack Details and Timeline

The compromised address, 0x5c629f8c0b5368f523c85bfe79d2a8efb64fb0c8, was the sole admin key controlling Wasabi's Perpmanager contracts. The attack began around 07:48 UTC and lasted approximately two hours. First, the attacker granted the ADMIN_ROLE to a malicious helper contract. They then executed unauthorized UUPS proxy upgrades on Wasabivault proxies and the Wasabilongpool, before sweeping collateral and pool balances across all three chains.

Security firm Hypernative flagged the incident with high-severity alerts across all three chains in real time. Blockaid, Cyvers, and Defimonalerts also detected the activity. Hypernative confirmed it is not a Wasabi customer but detected the breach independently and pledged a full technical analysis.

Lost Assets Breakdown

The largest single loss was reportedly 840.9 WETH, worth over 1.9 million dollars at the time of the attack. Other drained assets included sUSDC, sREKT, PEPE, MOG, NEIRO, ZYN, and bitcoin, along with Base-chain assets such as VIRTUAL, AERO, and cbBTC. According to Defillama data, Wasabi's total value locked (TVL) stood at roughly 8.5 million dollars across chains before the exploit.

Root Cause: Key Management Failure, Not Code Vulnerability

This was a key-management failure, not a smart contract vulnerability. No reentrancy or logic exploits were involved. The attacker likely obtained the private key through phishing, malware, or direct theft, then abused the upgradeable proxy architecture to drain funds without triggering conventional security checks. Wasabi Protocol had previously undergone audits from Zellic and Sherlock, but this attack bypassed those protections entirely because it targeted the centralized control point.

Related Projects and Mitigation

Virtuals Protocol, which powered margin deposits through Wasabi, moved quickly after the breach was detected. The team froze all margin deposits and confirmed its own security remained fully intact. Trading, withdrawals, and agent operations on Virtuals continued without disruption. The team warned users to avoid signing any Wasabi-related transactions.

As of the latest available data, Wasabi Protocol had not issued a public statement or incident post. The protocol has previously communicated quickly during unrelated incidents.

Urgent Action Required for Users

Users with exposure are advised to revoke all Wasabi approvals across Ethereum, Base, and Blast immediately. Tools like Revoke.cash, Etherscan, and Basescan can help identify active approvals. Any remaining LP positions should be withdrawn without delay. No Wasabi-related transactions should be signed until the team confirms key rotation and full contract integrity.

Broader Context: April 2026 DeFi Attack Wave

The Wasabi breach did not happen in isolation. April 2026 has seen more than 600 million dollars drained from DeFi protocols across roughly a dozen confirmed incidents, making it one of the worst months on record. The month opened on April 1 with attackers draining approximately 285 million dollars from Drift Protocol on Solana in under 20 minutes using governance manipulation and oracle abuse. A second major blow came around April 18 when a Layerzero bridge exploit hit KelpDAO on Ethereum, draining roughly 292 million dollars in rsETH and triggering over 10 billion dollars in downstream contagion across lending platforms, including Aave. Smaller hits landed throughout the month on Silo Finance, Cow Swap, Grinex, Rhea Finance, and Aftermath Finance.

The pattern across nearly every incident points away from code-level bugs and toward admin key compromises, bridge weaknesses, and upgradeable proxy risks, exposing centralized control points that audits alone cannot protect against.

The Wasabi situation remains active. Users should monitor the official @wasabi_protocol account and security firm feeds for updates.

This article was originally published by Bit.Fan. For more cryptocurrency news and market insights, visit www.bit.fan.
400

Disclaimer:

The market information, project data, and third-party content displayed on this platform are for industry information sharing only and do not constitute any form of investment advice or return commitment.

Cryptocurrency trading carries high risks. Users should fully assess their risk tolerance and make independent decisions. All profits, losses, and legal responsibilities are borne by the users themselves.