Wasabi Protocol Suffers Multi-Chain Attack
In a significant breach, Wasabi Protocol has experienced a multi-chain attack resulting in losses exceeding $5 million, as revealed by various blockchain security experts. The security firms, including PeckShield, reported that this exploit impacted multiple blockchain networks, specifically targeting Ethereum, Base, Berachain, and Blast.
Details of the Exploit
The exploit was made possible by a compromised administrative key, which granted the attacker unauthorized access to the Wasabi deployer wallet. That access allowed upgrades to core contracts, which led to substantial funds being siphoned off from the DeFi derivatives platform. Experts from Blockaid and CertiK noted that initial investigations suggested funds had been directed to accounts funded by Tornado Cash, and that those accounts then assumed roles linked to administrative privileges.
“All Wasabi/Spicy LP-share tokens minted by these vaults should be treated as COMPROMISED.” – Blockaid
Additionally, security firm Cyvers reported that various assets were stolen, including WETH, PEPE, MOG, USDC, ZYN, REKT, cbBTC, AERO, and VIRTUAL. The attacker consolidated the stolen funds into ETH, bridged them to Ethereum, and then dispersed the amounts across multiple addresses.
Response from Wasabi Protocol
Acknowledging the situation, the Wasabi Protocol team assured users they were actively investigating the breach. They urged all users to refrain from any interactions with Wasabi contracts until more information is provided, emphasizing the need for caution during this investigation.
Impact on Other Protocols
Meanwhile, Virtuals Protocol confirmed that its security measures remain unaffected, though, as a precautionary step, it has temporarily halted margin deposits that utilized Wasabi Protocol.
Broader Context of DeFi Exploits
This incident adds to an alarming surge in DeFi-related exploits this month, with over 25 different protocols reported to have incurred losses surpassing $600 million, topped by the notorious $292 million exploit involving Kelp DAO.