Wasabi Protocol Hacked: $5.5M Drained Across 4 Chains

DeFi perpetuals platform Wasabi Protocol has been exploited for around $5.5M today, with losses across Ethereum, Base, Blast, and Berachain.

What Happened:
The attacker compromised the protocol's deployer admin key, granted ADMIN_ROLE to a malicious contract, then used a UUPS proxy upgrade to inject harmful logic into the perp vaults and LongPool, draining liquidity across all 4 chains.

CertiK flagged the incident around 08:30 UTC. Initial estimates were $2.9M but losses climbed to $5.5M as the attack unfolded.

Same as Drift Protocol's $285M hack earlier this month:
Compromised deployer key + no timelock + no multisig = drained funds.

Action for Users:
✅ Withdraw funds immediately if you have open positions or LP exposure
✅ Revoke all token approvals granted to Wasabi contracts
✅ Monitor official channels for updates (no official statement yet)

April 2026 has now seen $606M+ lost to DeFi hacks in just 18 days, making it the worst month since February 2025. Drift ($285M) and Kelp DAO ($293M) lead the damage.

The Lesson: Privileged admin keys without timelocks or multisig protection remain DeFi's biggest unsolved problem. Always check protocol governance setup before depositing.

Stay Safe. DYOR. Protect Your Capital.