Wasabi Protocol, a decentralized finance platform designed for leveraged trading of long-tail assets like meme coins and NFTs, on Thursday was hit by an admin key compromise that drained liquidity pools across Ethereum, Base, Berachain and Blast, as flagged by blockchain security firm Blockaid.
The attacker used the protocol’s own deployer key to push a malicious contract upgrade, emptying vault balances in the process. All Wasabi LP tokens should be treated as worthless, Blockaid said, advising users to revoke any active approvals to the protocol’s vault contracts immediately.
📷 COMPROMISED LP TOKENS 📷
All Wasabi/Spicy LP-share tokens minted by these vaults should be treated as COMPROMISED — the underlying assets backing them have been drained or are at risk while the Wasabi: Deployer key (0x5c629f8c…fb0c8) remains live. End-users holding these…
— Blockaid (@blockaid_) April 30, 2026
Blockchain security firm PeckShield assessed the losses at upwards of $5 million.
Wasabi has reported that it is aware of the problem and is actively looking into it. In the meantime, users have been urged not to engage with its contracts as a safety precaution. The team said that further information would be shared once it becomes available.
We’re aware of an issue and are actively investigating.
As a precaution, please do not interact with Wasabi contracts until further notice.
We’ll share an update as soon as we have more information. Thanks for your patience.
— Wasabi Protocol 🟢 (@wasabi_protocol) April 30, 2026
April 2026 marked a turbulent turning point for the DeFi sector, as a series of major disruptions exposed the underlying structural vulnerabilities. Two separate large-scale hacks targeting Drift Protocol and KelpDAO set off a chain reaction that extended well beyond the original breaches. Confidence in collateral markets deteriorated after the compromise of the rsETH token, prompting a $10 billion wave of withdrawals from Aave, increasing volatility and sharply driving up borrowing costs.
In response to the escalating crisis, a coalition known as “DeFi United” formed to prevent a larger fall, deploying a $240 million rescue package.
