Wasabi Protocol, a decentralized finance platform designed for leveraged trading of long-tail assets like meme coins and NFTs, on Thursday was hit by an admin key compromise that drained liquidity pools across Ethereum, Base, Berachain and Blast, according to blockchain security firm Blockaid.
The attacker used the protocol’s own deployer key to push a malicious contract upgrade, emptying vault balances in the process. All Wasabi LP tokens should be treated as worthless, Blockaid said, advising users to revoke any active approvals to the protocol’s vault contracts immediately.
📷 COMPROMISED LP TOKENS 📷
All Wasabi/Spicy LP-share tokens minted by these vaults should be treated as COMPROMISED — the underlying assets backing them have been drained or are at risk while the Wasabi: Deployer key (0x5c629f8c…fb0c8) remains live. End-users holding these…
— Blockaid (@blockaid_) April 30, 2026
Blockchain security firm PeckShield assessed the losses at upwards of $5 million.
Source: https://cryptobriefing.com/wasabi-protocol-attack-loss/