Attackers compromised a Wasabi Protocol deployer key and executed a malicious contract upgrade, draining ~$5.7M before operations were paused.
On April 30, 2026, Wasabi Protocol was exploited after attackers compromised a deployer key and used it to execute a malicious contract upgrade. The upgrade enabled the drainage of approximately $5.7M across Ethereum, Base, Blast, and Berachain. Operations were paused following the incident. No recovery has been reported.
No laundering activity observed. Stolen funds dispersed across four chains; no recovery reported.
N/A