"The compromised address, 0x5c629f8c0b5368f523c85bfe79d2a8efb64fb0c8, was the sole admin key controlling Wasabi's Perpmanager contracts. The attacker reportedly used it to grant the ADMIN_ROLE to a malicious helper contract, then executed unauthorized UUPS proxy upgrades on Wasabivault proxies and the Wasabilongpool before sweeping collateral and pool balances."
"Security firm Hypernative flagged the incident with high-severity alerts across all three chains. Blockaid, Cyvers, and Defimonalerts also detected the activity in real time. Hypernative confirmed it is not a Wasabi customer but detected the breach independently and pledged a full technical analysis."
"The attack began around 07:48 UTC and ran for approximately two hours. The deployer granted ADMIN_ROLE to attacker-controlled contracts on Ethereum, Base, and Blast. A malicious contract then called strategyDeposit() on seven to eight WasabiVault proxies, passing a fake strategy that triggered a drain() function returning all collateral to the attacker."
On April 30, 2026, an attacker seized control of Wasabi Protocol's deployer admin key, resulting in a loss of $4.5 million to $5.5 million. The compromised address controlled Wasabi's Perpmanager contracts, allowing the attacker to grant ADMIN_ROLE to a malicious contract. This led to unauthorized upgrades on WasabiVault proxies and the Wasabilongpool, enabling the attacker to drain collateral and pool balances. Virtuals Protocol froze margin deposits immediately after the breach, while Wasabi Protocol has not yet issued a public statement regarding the incident.
Read at news.bitcoin.com
Unable to calculate read time
Collection
[
|
...
]