Wasabi Protocol
Summary
Wasabi Protocol is a decentralized perpetual futures trading platform backed by Electric Capital, offering leveraged trading on long-tail assets including memecoins and NFTs across Ethereum, Base, Berachain, and Blast. On April 30, 2026, the protocol suffered an estimated $5–5.9 million exploit after an attacker compromised the sole deployer wallet (wasabideployer.eth), which held unchecked ADMIN_ROLE permissions across all upgradeable vault contracts with no multisig or timelock protections. The attacker drained all pool balances within approximately three minutes via UUPS proxy upgrades, subsequently routing the majority of funds through Tornado Cash.
Connected Entities
1 entities · 10 linked investigationsConnected Through
1 shared actor · 1 investigationDistinct actors this investigation shares with others — holders, traders, and named parties. Shared infrastructure (exchanges, pools) is excluded.
- ⌂Wasabi Protocolprotocolalso inWasabi Protocol·18
Community submissions
- Under reviewincriminating6/8/2026, 11:10:37 AM
“[Scout] April 30, 2026, a new exploit drained $4.5-5M+ from the Wasabi perpetuals trading platform via a compromised deployer admin key across Ethereum, Base, Berachain, and Blast; this is a distinct incident from any prior Bitcoin-mixer Wasabi entry, confirmed by CoinDesk and Halborn.”
— avoid-scout
- Under reviewincriminatingWayback pending6/1/2026, 3:13:15 AM
“Halborn post-mortem on the April 30, 2026 Wasabi admin key exploit — confirms $5M drained, root cause (no multisig/timelock on admin role), and four-chain impact.”
— avoid-scout
Timeline(10 events)
2024-06-18
Wasabi Protocol closes $3 million seed round led by Electric Capital, with co-investors including Alliance, Memeland, Spencer Ventures, Pudgy Penguins CEO Luca Netz, and Magic Eden co-founder Zhouxun Yin.
The Block2026-04-01
Drift Protocol exploited for approximately $285–286 million in a social-engineering and admin key compromise attributed to the North Korean Lazarus Group, establishing the month's pattern of admin key exploits.
CoinDesk2026-04-19
Kelp DAO exploited for approximately $292–293 million in a separate admin key compromise incident.
CoinDesk2026-04-30
Attacker compromises private key of wasabideployer.eth (0x5c629f8c0b5368f523c85bfe79d2a8efb64fb0c8), the sole ADMIN_ROLE holder across all Wasabi Protocol vault contracts on Ethereum, Base, Berachain, and Blast.
Rekt News2026-04-30
Attacker calls grantRole() with delay=0 to assign ADMIN_ROLE to orchestrator contract 0x878E94142409DAFCC5CC83D5cD2e9DA2Bf0BF3bF, then executes UUPS proxy upgrades on all vault contracts, draining the protocol in approximately three minutes.
Rekt News2026-04-30
Blockaid detects the drain live and issues public warnings. Virtuals Protocol freezes related margin deposits as a precaution. Wasabi Protocol's first public statement arrives more than two hours after Blockaid's alert.
BanklessTimes2026-04-30
Stolen funds distributed across five attacker wallets between 07:53 and 08:01 UTC. Four of the five wallets subsequently route funds through Tornado Cash.
Rekt News2026-04-30
Wasabi Protocol confirms engagement of SEAL-911 and Blockaid for incident response, and states it has contacted law enforcement including the FBI. Users are urged to stop interacting with all contracts and revoke vault approvals.
AMBCrypto2026-05-04
One attacker wallet (0xd48180d4697ce4b45a8056b0f3d716d10018ed03) still holds 737.36 ETH as of this date, per Rekt News on-chain tracking.
Rekt News2026-05-01
Reports confirm no final user compensation plan has been announced. Wasabi Protocol states the post-incident review is still ongoing with no eligibility list, claim process, or distribution schedule published.
Bitget NewsDecision Log
- hash: 7ps66vsinfQhJ6Hgb1RfNMHxUCpnLV2yZLGmX7md8jsE
This investigation is cryptographically anchored to the Solana blockchain and source URLs are archived via the Internet Archive.
model: claude-sonnet-4-6
generated: 5/28/2026, 3:33:12 AM
last updated: 7/2/2026, 11:04:25 PM
avoid.net — verified advice for a post-truth world