Wasabi Protocol Updates on Security Incident: No Final User Compensation Plan Yet

On May 10, Wasabi Protocol released an update on its security incident, stating that attackers exploited a configuration vulnerability in the Spring Boot Actuator within its AWS infrastructure to steal the private keys controlling EVM smart contracts, resulting in the theft of approximately $4.8 million in user funds and $900,000 in protocol treasury funds. The attack chain began with a public server used for analysis, whose Actuator heap dump was not properly password-protected; this allowed the attackers to obtain credentials for another server and ultimately gain control of the smart contract private keys. The incident affected only EVM deployments, including certain treasuries on Ethereum, Base, Blast, and Berachain; Solana deployments and Prop AMM were not impacted. Wasabi Protocol stated that a final compensation plan for users has not yet been determined, but that ensuring all affected users are compensated remains the team’s highest priority, and that updates on the investigation's progress will be shared in the Discord community.
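The misconfiguration class described above can be checked for statically. The following is an added example, not code from Wasabi Protocol or its update: a small audit of a Spring Boot `application.properties` file that reports when the Actuator heap dump endpoint is served over HTTP. The function names and both sample files are constructed for illustration; the property keys are standard Spring Boot Actuator settings.

```python
import re

# Constructed sample: every Actuator endpoint exposed over HTTP.
WEAK = """\
management.endpoints.web.exposure.include=*
"""

# Constructed sample: only health exposed, heap dump switched off, loopback only.
HARDENED = """\
management.endpoints.web.exposure.include=health
management.endpoint.heapdump.enabled=false
management.server.address=127.0.0.1
"""

def parse_properties(text):
    """Parse key=value or key:value lines, skipping blanks and # / ! comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props

def csv_set(props, key, default=""):
    """Return a comma-separated property value as a lowercase set."""
    return {v.strip().lower() for v in props.get(key, default).split(",") if v.strip()}

def audit_heapdump(text):
    """Return findings; an empty list means the heap dump is not served over HTTP."""
    p = parse_properties(text)
    include = csv_set(p, "management.endpoints.web.exposure.include", "health")
    exclude = csv_set(p, "management.endpoints.web.exposure.exclude")
    # The exclude list takes precedence over the include list.
    exposed = bool(include & {"*", "heapdump"}) and not (exclude & {"*", "heapdump"})
    disabled = (p.get("management.endpoint.heapdump.enabled", "").lower() == "false"
                or p.get("management.endpoint.heapdump.access", "").lower() == "none")
    if not exposed or disabled:
        return []
    findings = ["heapdump endpoint is exposed over HTTP; confirm it requires authentication"]
    if p.get("management.server.address", "") not in ("127.0.0.1", "localhost", "::1"):
        findings.append("management endpoints are not bound to loopback")
    return findings

if __name__ == "__main__":
    for name, sample in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit_heapdump(sample) or "no findings")
```

Properties alone cannot show whether an authentication layer guards the endpoint, so a finding here is a prompt to verify access control, and any secret that was resident in a process whose heap dump was reachable should be rotated.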
