- Wasabi Protocol was exploited for over $5M in an exploit across Ethereum, Base, Berachain, and Blast.
- A compromised admin key from the Wasabi deployer wallet was used to upgrade contracts and drain funds.
- The exploit signals ongoing admin key risks and may raise fresh concerns after April 2026 saw over $600M lost.
On April 30, 2026, Wasabi Protocol suffered a major exploit that drained more than $5 million across Ethereum (ETH), Base, Berachain, and Blast. Security firms Blockaid, CertiK, and PeckShield confirmed that attackers used a compromised admin key from the deployer wallet to upgrade contracts and steal funds from liquidity pools and vaults. The team warned users to stop interacting with all contracts.
Wasabi Protocol Hit by Over $5M Multi-Chain Exploit
According to sources, PeckShield, Blockaid, and CertiK report that attackers exploited Wasabi Protocol, a DeFi derivatives platform, draining more than $5 million across ETH, Base, Berachain, and Blast. The attack targeted liquidity pools and vaults across these networks. Key on-chain details include:
- Attacker address: 0x02228b0afcdbEdf8180D96Fc181Da3AF5DD1d1ab
- Privileged access/contract upgrade transaction: 0x985b4cde1075c67841d0f9fd897da34c9da53d77f6e23b5a19653ebff4a6fac1
Notably, the attackers drained multiple assets, including WETH, PEPE, MOG, USDC, ZYN, REKT, cbBTC, AERO, and VIRTUAL. They consolidated the stolen funds into ETH, bridged them to the Ethereum network, and distributed them across multiple addresses.
How the Compromised Admin Key Enabled the Exploit
The root cause was a compromised admin key tied to the Wasabi deployer wallet (an externally owned account (EOA) known as wasabideployer.eth) that attackers exploited. This EOA possessed the sole ADMIN_ROLE in the protocol’s access-control framework.
Using the compromised key, attackers granted the ADMIN_ROLE to an attacker-controlled helper contract. Blockaid and CertiK stated that “a compromised admin key allowed the attacker to gain privileged access via the Wasabi deployer wallet, upgrade core systems, and drain funds.”
Attackers executed UUPS upgrades on Wasabi Protocol’s core contracts, including the LongPool, ShortPool, perp vaults, and Vault contracts, gaining elevated permissions that enabled them to drain liquidity and underlying assets across multiple chains, with BlockSec reporting that Tornado Cash-funded wallets received admin-level roles and actively participated in transactions across the protocol’s key pools and vault systems.
Broader Impact on DeFi Security and What’s Next?
This incident caps off one of the worst months on record for DeFi exploits. April 2026 has seen over $600 million lost across more than 25 incidents. The Wasabi Protocol attack further damages trust and could raise fresh concerns about admin key security across the entire ecosystem.
Source: DeFiLlama
The exploit follows massive breaches like Kelp DAO ($293M) and Drift Protocol ($285M). These repeated attacks underscore the ongoing risks around admin key security, privileged access, and cross-chain infrastructure.
Meanwhile, Wasabi Protocol continues to investigate the incident and urges users to avoid all contracts until further notice. Virtuals Protocol has frozen related margin deposits as a precaution. Industry experts now demand stronger multisig wallets, timelock mechanisms, and improved operational security to prevent future single-point failures.
Related: Rhea Finance Hit by $7.6M Exploit After Fake Token Pool Attack
Disclaimer: The information presented in this article is for informational and educational purposes only. The article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the utilization of content, products, or services mentioned. Readers are advised to exercise caution before taking any action related to the company.
