News linked to both this project and an event.
Wasabi Protocol released a security incident update, stating that the attacker exploited a Spring Boot Actuator configuration vulnerability in its AWS infrastructure to steal private keys controlling EVM smart contracts, and subsequently drained approximately $4.8 million in user funds and $900,000 from the protocol’s treasury—totaling roughly $5.7 million in losses. The attack chain originated from a public-facing analysis server whose Actuator heap dump was not properly password-protected, enabling the attacker to obtain credentials for another server and ultimately gain control of the smart contract private keys. This incident affected only EVM deployments—including certain treasuries on Ethereum, Base, Blast, and Berachain—while Solana deployments and the Prop AMM remained unaffected. No final user compensation plan has been announced yet; however, “ensuring all affected users are compensated” remains the team’s top priority. Updates on the investigation will be shared with the community via Discord.
Wasabi Protocol announced a security incident update on X, stating that users can now safely interact with the protocol’s contracts to withdraw remaining funds. The team said it is working behind the scenes to the best of its ability to address the issue; however, as the investigation remains ongoing, no further details can be disclosed at this time. The team will share the latest updates with the community as soon as conditions permit.
Wasabi Protocol announced on X that it has become aware of an issue with the protocol and is actively investigating. As a precautionary measure, users are advised not to interact with the protocol’s smart contracts until further notice. Updates on the security incident will be shared as soon as more information becomes available. Earlier reports indicated that Wasabi Protocol was hacked, resulting in the theft of approximately $2.9 million.
According to blockchain security firm CertiK (@CertiKAlert), Wasabi Protocol (@wasabi_protocol) has suffered a security breach, with approximately $2.9 million stolen so far. Preliminary investigations indicate that the attacker gained privileged access after compromising a wallet deployed by Wasabi, enabling the attack. The stolen funds are currently distributed across the following addresses: 0xb8Bb...70dB (approximately $677,000) and 0x6244...f906 (approximately $1.1 million). The incident remains under active investigation.