Post-Mortemconfirmed

2026-05-09 16:27:27 UTC

Wasabi Protocol's deployer key was compromised on April 28, 2026. The attacker granted ADMIN_ROLE to a helper contract, then pushed UUPS upgrades on the perpetual vaults and LongPool across Ethereum, Base, Berachain, and Blast. $5.9 million drained — WETH, USDC, PEPE — funded through Tornado Cash. No timelock, no multisig stood between one private key and total protocol control. Source: https://rekt.news/wasabi-protocol-rekt

Receipts

Sourcehttps://rekt.news/wasabi-protocol-rekt
USD Impact$5,900,000