Wasabi Protocol 因攻擊者奪取 3 條鏈上的 Deployer Admin Key 而損失 5M 美元

📄完整原文· 由 trafilatura 自動擷取5527 字

An attacker seized control of Wasabi Protocol’s deployer admin key on Thursday, draining an estimated $4.5 million to $5.5 million from perp vaults and liquidity pools across three blockchains. Wasabi Protocol Loses $5M After Attacker Seizes Deployer Admin Key Across 3 Chains Key Takeaways: - An attacker drained $4.5M to $5.5M from Wasabi Protocol by compromising the deployer EOA admin key on April 30, 2026. - Virtuals Protocol froze margin deposits immediately after the breach, though its own security remained fully intact. - Wasabi Protocol has not issued a public statement; users must revoke all approvals across Ethereum, Base, and Blast. DeFi Protocol Wasabi Loses $5M in Admin Key Hack The compromised address, 0x5c629f8c0b5368f523c85bfe79d2a8efb64fb0c8, was the sole admin key controlling Wasabi’s Perpmanager contracts. The attacker reportedly used it to grant the ADMIN_ROLE to a malicious helper contract, then executed unauthorized UUPS proxy upgrades on Wasabivault proxies and the Wasabilongpool before sweeping collateral and pool balances. Security firm Hypernative flagged the incident with high-severity alerts across all three chains. Blockaid, Cyvers, and Defimonalerts also detected the activity in real time. Hypernative confirmed it is not a Wasabi customer but detected the breach independently and pledged a full technical analysis. The attack began around 07:48 UTC and ran for approximately two hours. The deployer granted ADMIN_ROLE to attacker-controlled contracts on Ethereum, Base, and Blast. A malicious contract then called strategyDeposit() on seven to eight WasabiVault proxies, passing a fake strategy that triggered a drain() function returning all collateral to the attacker. The Wasabilongpool on Ethereum and Base was then upgraded to a malicious implementation that swept remaining balances. Funds were consolidated into ETH, bridged where needed, and distributed across multiple addresses. Early reports noted some activity linked to Tornado Cash. The largest single loss was reportedly 840.9 WETH, worth more than $1.9 million at the time of the attack. Other drained assets included sUSDC, sREKT, PEPE, MOG, NEIRO, ZYN, and bitcoin, along with Base-chain assets such as VIRTUAL, AERO, and cbBTC. Wasabi’s total value locked (TVL) stood at roughly $8.5 million across chains before the exploit, according to Defillama data. This was a key-management failure, not a smart contract vulnerability. No reentrancy or logic exploits were involved. The attacker likely obtained the private key through phishing, malware, or direct theft, then abused the upgradeable proxy architecture to drain funds without triggering conventional security checks. Virtuals Protocol, which powered margin deposits through Wasabi, moved quickly after the breach was detected. The team froze all margin deposits and confirmed its own security was fully intact. Trading, withdrawals, and agent operations on Virtuals continued without disruption. The team warned users to avoid signing any Wasabi-related transactions. Wasabi Protocol had not issued a public statement or incident post as of the latest available data. The protocol has previously communicated quickly during unrelated incidents and holds audits from Zellic and Sherlock, but this attack bypassed those protections entirely. Users with exposure are advised to revoke all Wasabi approvals across Ethereum, Base, and Blast immediately. Tools like Revoke.cash, Etherscan, and Basescan can help identify active approvals. Any remaining LP positions should be withdrawn without delay, and no Wasabi-related transactions should be signed until the team confirms key rotation and full contract integrity. The incident fits a pattern seen across DeFi in 2026: upgradeable proxy contracts paired with centralized admin keys create a single point of failure that bypasses even well-audited code. When one key controls upgrade permissions across multiple chains, a single compromise becomes a protocol-wide event. The Wasabi breach did not happen in isolation. April 2026 has seen more than $600 million drained from DeFi protocols across roughly a dozen confirmed incidents, making it one of the worst months on record for the sector. The month opened on April 1 with attackers draining approximately $285 million from Drift Protocol on Solana in under 20 minutes using governance manipulation and oracle abuse. A second major blow came around April 18 when a Layerzero bridge exploit hit KelpDAO on Ethereum, draining roughly $292 million in rsETH and triggering over $10 billion in downstream contagion across lending platforms, including Aave. Smaller hits landed throughout the month on Silo Finance, Cow Swap, Grinex, Rhea Finance, and Aftermath Finance, among others. Drift Protocol Hack 2026: What Happened, Who Lost Money, and What’s Next Drift Protocol Hack 2026: What Happened, Who Lost Money, and What’s Next A Solana-based perpetual futures exchange lost $286 million in 12 minutes on April 1, 2026, after attackers spent three weeks… Read NowA Solana-based perpetual futures exchange lost $286 million in 12 minutes on April 1, 2026, after attackers spent three weeks… The pattern across nearly every incident points away from code-level bugs and toward admin key compromises, bridge weaknesses, and upgradeable proxy risks, exposing centralized control points that audits alone cannot protect against. The Wasabi situation remains active. Users should monitor the official @wasabi_protocol account and security firm feeds for updates.

資料狀態✓ 已擷取全文閱讀原文（Bitcoin.com）

🔍歷史類似事件· 關鍵字 + 標的比對6 則

2026-04-30

Wasabi Protocol 因疑似管理員金鑰外洩遭駭，損失 450 萬美元

相似度 230%關鍵字 key/protocol/wasabi

2026-04-30

Wasabi Protocol 因疑似管理員金鑰外洩遭竊取 450 萬美元

相似度 230%關鍵字 key/protocol/wasabi

2026-04-22

繼 KelpDAO 遭駭數日後，另一個 DeFi 協議又損失數百萬美元

相似度 180%關鍵字 protocol/loses/after

2026-04-30

在 CFTC 授予 Gemini Exchange 關鍵牌照後，GEMI 股價飆升

相似度 130%關鍵字 key/after

2026-04-30

Wasabi Protocol 500 萬美元遭駭事件加速了 AI 驅動的 DeFi 駭客理論

相似度 130%關鍵字 protocol/wasabi

2026-04-30

Wasabi Protocol 爆出遭駭 290 萬鎂！攻擊者透過部署錢包取得特權角色

相似度 130%關鍵字 protocol/wasabi

💡 目前用關鍵字 + 標的比對（MVP）· 之後會升級為 embedding 語意搜尋

原始資訊

ID：bcb9cf8a21

來源：Bitcoin.com

發佈：2026-04-30 09:05:57

分類：一般 · 導出分類 neutral

標的：未指定

社群投票：+0 / −0 · ⭐ 0 重要 · 💬 0 留言