Wasabi Protocol Says April 30 EVM Security Incident Is Fully Contained

According to Wasabi Protocol, the April 30 incident affected its EVM deployment, while Solana contracts and Prop AMM were unaffected; Berachain had already suspended impacted Reward Vaults and urged users to revoke approvals.

Fact Check
The core claim is well-supported. PANewsLab reports citing BlockSec Phalcon and CertiK Alert both confirm a Wasabi Protocol exploit on April 30, 2026, involving privileged-role abuse linked to a deployer wallet, affecting Ethereum and Base. The mechanism described, a deployer wallet granting ADMIN_ROLE to attacker-controlled accounts (funded via Tornado Cash) to drain WasabiLongPool, WasabiShortPool, and WasabiVault, is consistent across all sources. The dollar-amount range in the claim ($4.5M to $5.15M) is accurate: CertiK's early alert cited ~$2.9M, the widely circulated figure is $4.5M, BlockSec Phalcon and Woofun AI report ~$5.15M, and some sources cite up to $5.5M. These discrepancies reflect evolving estimates as the incident developed, not contradictions. The claim's framing of "about $4.5 million" as the headline figure with a range up to $5.15M is a reasonable and accurate summary of the available evidence.

Summary

Wasabi Protocol said its April 30 security incident affecting its EVM deployment has been fully contained after an exploit involving unauthorized privileged access altered a Vault and drained funds. The team said it closed the attack vector, rotated credentials and keys, and is continuing its investigation with security partners, while stating that its Solana deployment, Solana contracts, and Prop AMM were unaffected. Earlier estimates of losses varied, with Wasabi citing about $4.5 million drained across Base and Ethereum, BlockSec reporting about $5.15 million in abnormal flows, CertiK estimating about $2.9 million, and later reporting citing about $5.5 million across Ethereum, Base, Blast, and Bera. Berachain responded by suspending and blacklisting affected Wasabi Reward Vaults, halting BGT staking rewards to compromised contracts, and urging users to revoke token approvals. Wasabi also said it contacted law enforcement and the FBI.

Terms & Concepts
  • Admin private key: A cryptographic key controlling privileged protocol permissions; if compromised, an attacker can change contract settings or assign admin access.
  • EVM: Ethereum Virtual Machine, the software environment that lets Ethereum-compatible blockchains run smart contracts.
  • Token approvals: Permissions that let a smart contract spend tokens from a user’s wallet; revoking them can limit damage after a compromise.