Wasabi Protocol's deployer key was compromised on April 28, 2026. The attacker granted ADMIN_ROLE to a helper contract, then pushed UUPS upgrades on the perpetual vaults and LongPool across Ethereum, Base, Berachain, and Blast. $5.9 million drained — WETH, USDC, PEPE — funded through Tornado Cash. No timelock, no multisig stood between one private key and total protocol control. Source: https://rekt.news/wasabi-protocol-rekt