Nikolas Sargeant
TL;DR
- Wasabi Protocol lost $4.55M in a hack after attackers compromised its deployer key, exploiting a single-key admin setup.
- The breach mirrors the Drift Protocol exploit and highlights the DeFi industry's ongoing security struggles.
Wasabi Protocol Drained of $4.5 Million
DeFi's struggle to secure itself continues as Wasabi Protocol, a perpetuals trading platform on Ethereum and Base, was drained of approximately $4.55 million in a hack on Thursday.
The security breach, linked to a compromised deployer key, mirrors the earlier Drift Protocol exploit from April 1, where North Korea-linked attackers stole $285 million.
The attack, identified by Blockaid, occurred when the attackers gained control of Wasabi’s deployer key and manipulated the protocol’s permissions.
By taking control of an externally owned account (EOA), they granted themselves admin privileges and upgraded the platform’s vaults and Long Pool to malicious versions. This allowed the attacker to drain the funds stored in Wasabi’s various vaults across Ethereum and Base.
🚨 Blockaid's exploit detection system identified an on-going admin-key compromise exploit on @wasabi_protocol across Ethereum and Base. The Wasabi: Deployer EOA was used to grant ADMIN_ROLE to an attacker helper contract, which then UUPS-upgraded the perp vaults and LongPool to…
— Blockaid (@blockaid_) April 30, 2026
The exploit leveraged the Universal Upgradeable Proxy Standard (UUPS), allowing the attackers to replace the smart contract’s code while keeping the same address. UUPS, often used for fixing bugs without disrupting users, becomes a vulnerability when an attacker controls admin permissions.
Wasabi’s lack of safeguards—such as a timelock or multisig—left the protocol exposed, granting full control to a single key. The attack compromised several of Wasabi's vaults, including assets like wWETH, wBITCOIN, and sUSDC. Users holding Wasabi LP tokens were urged to revoke approvals to the affected contracts.
The Wasabi breach is part of a larger pattern in DeFi, with over $770 million lost in 2026 across more than 30 incidents. These attacks often share a common theme: the exploitation of single-key admin setups and the absence of proper governance measures like timelocks or multisig setups. As a result, the lessons from these attacks often come too late to prevent the next breach.
