Flash News

SlowMist Founder Cos: Wasabi Protocol Suffers Over $4.5 Million Loss Due to Single EOA Private Key Leak Attack

Cos, the founder of SlowMist, stated that Wasabi Protocol (a leveraged trading protocol for meme coins) was attacked after the private key of the deployer's administrator EOA leaked. The attacker withdrew funds on multiple chains, including Ethereum, Base, Berachain, and Blast, through UUPS upgradeable vaults and LongPool.

A single EOA controlled a batch of perp vaults, with no multi-signature, no timelock, and no DAO governance. The attacker first granted a malicious helper contract ADMIN_ROLE, then called strategyDeposit to execute a malicious strategy to complete the withdrawal.
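The sequence described above (an admin role granted outside any governance path, then an immediate strategyDeposit) can be watched for in decoded on-chain events. The following is an added example, not code from SlowMist or Wasabi; the event shape (modelled on OpenZeppelin AccessControl's RoleGranted), the addresses, the approved-granter list and the time window are all constructed assumptions, as is treating either the grantee or the granter as the possible caller.

```python
# Added example. Event shape, addresses and the window are constructed assumptions.
APPROVED_GRANTERS = {"0xTIMELOCK"}  # hypothetical multisig/timelock allowed to grant roles
WINDOW_SECONDS = 3600               # assumed grant-to-use correlation window

# Constructed sample of decoded events (role shown by name, not its bytes32 id).
SAMPLE_EVENTS = [
    {"chain": "ethereum", "ts": 100, "kind": "RoleGranted", "role": "ADMIN_ROLE",
     "account": "0xOPS", "sender": "0xTIMELOCK"},          # governed grant
    {"chain": "base", "ts": 1000, "kind": "RoleGranted", "role": "ADMIN_ROLE",
     "account": "0xHELPER", "sender": "0xDEPLOYER"},       # direct grant by an EOA
    {"chain": "base", "ts": 1012, "kind": "Call", "function": "strategyDeposit",
     "caller": "0xHELPER"},                                # new admin acts at once
    {"chain": "base", "ts": 9000, "kind": "Call", "function": "strategyDeposit",
     "caller": "0xOPS"},                                   # routine call
]


def detect(events):
    """Return (severity, chain, address, reason) tuples in time order."""
    alerts = []
    suspect = {}  # (chain, address) -> time of the ungoverned grant it took part in
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["kind"] == "RoleGranted" and ev["role"] == "ADMIN_ROLE":
            if ev["sender"] in APPROVED_GRANTERS:
                continue  # grant went through governance
            # Remember both grantee and granter: either may make the follow-up call.
            suspect[(ev["chain"], ev["account"])] = ev["ts"]
            suspect[(ev["chain"], ev["sender"])] = ev["ts"]
            alerts.append(("high", ev["chain"], ev["account"],
                           "ADMIN_ROLE granted outside governance by " + ev["sender"]))
        elif ev["kind"] == "Call" and ev["function"] == "strategyDeposit":
            granted_at = suspect.get((ev["chain"], ev["caller"]))
            if granted_at is not None and ev["ts"] - granted_at <= WINDOW_SECONDS:
                alerts.append(("critical", ev["chain"], ev["caller"],
                               "strategyDeposit shortly after ungoverned ADMIN_ROLE grant"))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

With a timelock in front of role changes, the first alert alone leaves time to pause the vaults before the second event can occur.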

The loss is estimated to be between $4.5 million and $5.5 million, mainly involving assets such as PEPE, MOG, USDC, and BTC, which were later converted to ETH for diversification.

Source: Public Information

ABAB AI Insight

SlowMist founder Cos has previously disclosed similar DeFi hacking incidents caused by upgradeable contracts controlled by a single EOA. Wasabi Protocol, a high-yield perp vault project on emerging chains such as Berachain, had previously raised $3 million through Electric Capital, focusing on meme coin leverage and vault yield. The deployer's wallet became a single point of failure, consistent with the proxy upgrade attack patterns seen in 2024-2025.

In terms of capital pathways, Wasabi concentrated user deposits in upgradeable vault pools controlled by a single deployer EOA that held the upgrade permissions. The motivation was to iterate quickly on meme coin perp products and reduce governance overhead. However, as TVL grew, the project did not migrate to multi-signature or timelock control in time, so the private key leak translated directly into a transfer of assets across chains, with funds flowing from the protocol pools to addresses controlled by the attacker.

Similar to the Radiant Capital flash loan attack or previous cases where UUPS proxies were compromised through administrator keys (such as multiple DeFi vault drains in 2025), Wasabi is in the early stages of transitioning from high-yield expansion to security compliance in the meme coin leverage sector, highlighting insufficient trust assumptions in emerging chain infrastructure.

This essentially represents a capital concentration risk under technological substitution: the project replaced complex governance structures with a single EOA to pursue deployment efficiency and iteration speed, prioritizing product functionality over security boundaries during rapid TVL growth. Permissions ended up concentrated in a single private key, and when that key leaked, control over the pricing power and liquidity of all protocol assets transferred instantly.

ABAB News