Wasabi Protocol Hacked: $5.5M Drained Across 4 Chains

DeFi perpetuals platform @WasabiProtocol has been exploited for around $5.5M today, with losses across Ethereum, Base, Blast, and Berachain.
What Happened:
The attacker compromised the protocol's deployer admin key, granted ADMIN_ROLE to a malicious contract, then used a UUPS proxy upgrade to inject harmful logic into the perp vaults and LongPool, draining liquidity across all 4 chains.
CertiK flagged the incident around 08:30 UTC. Initial estimates were $2.9M but losses climbed to $5.5M as the attack unfolded.
Same as Drift Protocol's $285M hack earlier this month:
Compromised deployer key + no timelock + no multisig = drained funds.
Action for Users:
✅ Withdraw funds immediately if you have open positions or LP exposure
✅ Revoke all token approvals granted to Wasabi contracts
✅ Monitor official channels for updates (no official statement yet)
April 2026 has now seen $606M+ lost to DeFi hacks in just 18 days, making it the worst month since February 2025. Drift ($285M) and Kelp DAO ($293M) lead the damage.
The Lesson: Privileged admin keys without timelocks or multisig protection remain DeFi's biggest unsolved problem. Always check protocol governance setup before depositing.
Stay Safe. DYOR. Protect Your Capital.