Wasabi Protocol Exploit Drains Over $5M Across Multiple Chains As Admin Key Compromise Suspected

Web3 security incident has affected Wasabi Protocol across multiple blockchains, with on-chain activity indicating losses exceeding $5 million on networks including Ethereum, Base, Berachain, and Blast, according to Web3 security services provider PeckShield. 

Security monitoring firm Phalcon offered a preliminary analysis suggesting that accounts previously funded through Tornado Cash were later assigned ADMIN_ROLE-related permissions and participated in flows involving WasabiLongPool, WasabiShortPool, and WasabiVault contracts. The findings were shared for public visibility, with calls for further clarification regarding fund transfers and administrative role changes.

Separately, blockchain security platform Blockaid reported that a deployer externally owned account was used to grant administrative privileges to an attacker-associated contract, which then executed upgrade actions through a UUPS mechanism, replacing vault and perpetual pool implementations with malicious versions that drained user balances.

Blockaid further assessed that all Wasabi and related liquidity provider share tokens issued by the affected vaults should be considered compromised, as the underlying collateral had been drained or placed at risk while the deployer key remained active. The report noted that while token balances may still display nominal value, actual redemption value had effectively dropped to zero or was rapidly declining. Contracts cited as impacted included multiple vaults such as wWETH, sUSDC, wBITCOIN, and wPEPE on Ethereum, as well as sUSDC, wWETH, sBTC, sVIRTUAL, sAERO, and sBRETT vaults on Base, according to the security assessment.

On-chain analyst Cos raised concerns over the structure of control within the protocol, estimating losses above $4.5 million and highlighting that a single externally owned account appeared to govern multiple upgradeable vaults without multisignature protection, timelock mechanisms, or DAO-based oversight. Independent investigator ZachXBT similarly questioned the absence of standard security safeguards, suggesting that a leaked private key may have enabled the exploit.

Exploit Triggers Investigation And Precautionary Measures Across Wasabi Partner Networks

In response to the incident, Wasabi Protocol stated that an investigation was underway and advised users not to interact with its contracts until further notice, with additional updates promised as more information becomes available.

Berachain, one of the affected networks, also issued a warning advising users to withdraw funds immediately, estimating that approximately $50,000 in user funds on its network could be affected. Users were directed to revoke permissions using revoke.cash, while reward vault operations were temporarily paused as a precaution.

Virtuals Protocol separately stated that its own systems remained secure but confirmed that it had suspended margin deposits integrated with Wasabi infrastructure as a precautionary measure.

Users holding Wasabi liquidity provider tokens were broadly advised to revoke any active approvals tied to vault contracts, given that the collateral backing these instruments had been drained or remained at risk.

Wasabi Protocol operates as a perpetuals trading platform on Ethereum and Base, offering leveraged trading, token swaps, and yield features with leverage of up to 20x. The protocol is designed so that leveraged positions are backed by underlying assets held in custody rather than synthetic exposure, with ETH positions reportedly collateralized by actual ETH held within the system.

The post Wasabi Protocol Exploit Drains Over $5M Across Multiple Chains As Admin Key Compromise Suspected appeared first on Metaverse Post.