Crypto Gloom

Wasabi protocol exploit linked to suspected admin key compromise, resulting in loss of over $5 million across multiple chains

A Web3 security incident affected the Wasabi protocol on multiple blockchains. According to Web3 security services provider PeckShield, the on-chain activity resulted in over $5 million in losses across networks including Ethereum, Base, Berachain, and Blast.

Security monitoring firm Phalcon provided a preliminary analysis suggesting that accounts previously funded through Tornado Cash were later assigned ADMIN_ROLE-related permissions and participated in flows involving the WasabiLongPool, WasabiShortPool, and WasabiVault contracts. The findings were shared for public visibility, with further clarification still needed on the fund transfers and the changes in management roles.

Separately, blockchain security platform Blockaid reported that the deployer's externally owned account was used to grant administrative rights to attacker-related contracts, which then executed upgrade operations through the UUPS mechanism, replacing the vault and perpetual pool implementations with malicious versions that drained user balances.

Blockaid further assessed that all Wasabi and related liquidity provider share tokens issued on the affected vaults should be considered compromised, because the underlying collateral had been drained or remained at risk while the deployer key stayed active. The report noted that while token balances may still represent nominal value, the actual redemption value is effectively dropping to zero or declining rapidly. According to the security assessment, the contracts noted as affected included several vaults: wWETH, sUSDC, wBITCOIN, and wPEPE on Ethereum, and sUSDC, wWETH, sBTC, sVIRTUAL, sAERO, and sBRETT on Base.

On-chain analyst Cos raised concerns about the control structure within the protocol, estimating losses of over $4.5 million and highlighting that a single externally owned account appears to manage multiple upgradeable vaults without multi-signature protection, timelock mechanisms, or DAO-based oversight. Independent investigator ZachXBT similarly questioned the lack of standard security safeguards, suggesting that leaked private keys may have enabled the exploit.
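The grant-then-upgrade sequence Blockaid describes, and the missing timelock or multisig that Cos points to, can be watched for on-chain. The sketch below is an added example, not code from Wasabi or any of the firms quoted: it scans decoded `RoleGranted` (OpenZeppelin AccessControl) and `Upgraded` (ERC-1967) events and flags admin grants and upgrades that bypass an expected governance address. The `Event` shape, the `caller` field (assumed to come from a transaction trace), and every address are constructed placeholders.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    block: int
    contract: str  # contract that emitted the event
    name: str      # decoded event name: "RoleGranted" or "Upgraded"
    args: dict     # decoded event arguments
    caller: str    # msg.sender of the emitting call (assumed taken from a trace)

def detect(events, governance, watched_roles=frozenset({"ADMIN_ROLE"}), window=50):
    """Return (kind, block, contract, detail) alerts in block order."""
    alerts, grants = [], {}  # grants: account -> block of its unexpected role grant
    for ev in sorted(events, key=lambda e: e.block):
        if ev.name == "RoleGranted" and ev.args["role"] in watched_roles:
            account = ev.args["account"]
            if account not in governance:
                grants[account] = ev.block
                alerts.append(("UNEXPECTED_ADMIN_GRANT", ev.block, ev.contract, account))
        elif ev.name == "Upgraded" and ev.caller not in governance:
            granted = grants.get(ev.caller)
            # An upgrade by a freshly granted admin is the highest-severity pattern.
            fresh = granted is not None and ev.block - granted <= window
            kind = "GRANT_THEN_UPGRADE" if fresh else "UPGRADE_OUTSIDE_GOVERNANCE"
            alerts.append((kind, ev.block, ev.contract, ev.args["implementation"]))
    return alerts

# Constructed sample data; every address is a placeholder, not an incident indicator.
GOVERNANCE = {"0xTIMELOCK"}  # assumption: upgrades should only come from a timelock
SAMPLE = [
    Event(90, "0xVAULT_PROXY", "Upgraded", {"implementation": "0xIMPL_A"}, "0xTIMELOCK"),
    Event(100, "0xROLE_MANAGER", "RoleGranted",
          {"role": "ADMIN_ROLE", "account": "0xNEW_CONTRACT", "sender": "0xDEPLOYER_EOA"},
          "0xDEPLOYER_EOA"),
    Event(101, "0xVAULT_PROXY", "Upgraded", {"implementation": "0xIMPL_B"}, "0xNEW_CONTRACT"),
    Event(102, "0xLONG_POOL_PROXY", "Upgraded", {"implementation": "0xIMPL_C"}, "0xNEW_CONTRACT"),
    Event(400, "0xSHORT_POOL_PROXY", "Upgraded", {"implementation": "0xIMPL_D"}, "0xOTHER"),
]

if __name__ == "__main__":
    for alert in detect(SAMPLE, GOVERNANCE):
        print(alert)
```

With a timelock in front of upgrades, an alert on the grant leaves the delay period to respond; with a bare externally owned account as admin, the grant and the upgrade can land in consecutive blocks.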

The exploit has led to investigation and preventative action across the Wasabi partner network.

In response to the incident, Wasabi Protocol said an investigation was ongoing and advised users not to interact with the contract until further notice, promising further updates as more information becomes available.

Berachain, one of the affected networks, also issued a warning advising users to withdraw their funds immediately, estimating that around $50,000 of user funds on the network could be affected. Users have been instructed to revoke permissions using revoke.cash, and rewards vault operations have been temporarily suspended as a precautionary measure.

Virtuals Protocol separately said its systems were secure, but confirmed it had suspended margin deposits integrated with Wasabi infrastructure as a precaution.

Users holding Wasabi liquidity provider tokens have been widely advised to revoke all active approvals associated with the vault contracts, given that the collateral backing these instruments has been drained or is at risk.

Wasabi Protocol operates as a perpetual trading platform on Ethereum and Base, offering leveraged trading, token swaps, and yield features with up to 20x leverage. The protocol is designed so that leveraged positions are backed by stored underlying assets rather than synthetic exposure, and ETH positions are said to be collateralized by actual ETH held within the system.

About the author

As a dedicated journalist at MPost, Alisa specializes in the broad areas of cryptocurrency, AI, investing, and Web3. With a keen eye for new trends and technologies, she provides comprehensive coverage to inform and engage readers about the ever-evolving digital financial landscape.
