Wasabi Protocol Suffers Security Breach, Approximately $2.9 Million Stolen
Wasabi Protocol experienced a security vulnerability, confirming that approximately $2.9 million was stolen.
Preliminary investigations show that attackers gained privileged roles (ADMIN_ROLE) through the Wasabi deployer wallet (Deployer EOA), allowing them to upgrade perp vaults and LongPool to malicious implementations and extract funds. The stolen funds are currently dispersed across multiple addresses.
In the DeFi protocol security incident, liquidity providers and users quickly withdrew funds from the affected pools, leading to increased demand for on-chain monitoring and auditing tools. The Wasabi Protocol team and remaining assets face pressure on trust and liquidity, while attackers benefit in the short term.
Source: Public Information
ABAB AI Insight
Wasabi Protocol previously expanded rapidly as a cross-chain perp trading platform. This attack continues the pattern seen in multiple DeFi projects from 2025-2026, where deployer keys or improper permission management were exploited, similar to past protocols that suffered fund outflows due to admin key compromises.
In terms of capital flow, attackers utilized the compromised deployer EOA to manipulate protocol upgrade permissions, directly extracting and dispersing funds from vaults and pools within the protocol. Their motive appears to be quick cashing out of the stolen assets. The team will need to rebuild permission controls through mechanisms like multi-signature or timelock.
Similar to several perp and lending protocols from 2024-2025 that were hacked due to proxy upgrade vulnerabilities or deployer leaks (such as some Base chain projects), the current DeFi perp space is in a fragile stage transitioning from rapid iteration to strengthened governance and auditing.
Essentially, this reflects regulatory changes: the concentration of admin roles and deployer permissions exposes governance vulnerabilities, forcing protocols to concentrate resources on multi-signatures, timelocks, and third-party audits, shifting the pricing power of DeFi projects from speed-first to security and compliance-first.