On April 30, the Wasabi project was hacked. According to PeckShield experts, the damage exceeded $5 million.
#PeckShieldAlert @wasabi_protocol has been exploited for over $5M across multiple chains, including Ethereum, Base, Berachain, and Blast. pic.twitter.com/zkWjEkZMMp
— PeckShieldAlert (@PeckShieldAlert) April 30, 2026
CertiK experts estimated the losses at $5.5 million. The attack affected funds across several networks: Ethereum, Base, Berachain, and Blast.
UPDATE:
— CertiK Alert (@CertiKAlert) April 30, 2026
Total losses amount to approximately $5.5M across the ETH, BASE, BLAST, and BERA chains:https://t.co/c37s3gNtwBhttps://t.co/Sj9gtovG5Khttps://t.co/E5W6LLDuenhttps://t.co/fUZrwM5NmK
According to Blockaid, the hacker gained access to the administrative key and, through a special Wasabi wallet, designated their version of the management contract. Using a UUPS upgrade, they altered the internal logic of the platform's storage and withdrew the assets.
Cos, the founder of SlowMist, pointed out the protocol's weak security mechanisms. He noted that the management of the storages was handled by a single EOA without multisignature, time-locking, or DAO. This allowed the hacker to easily compromise the private key, raising concerns within the community.
Why did a single EOA seemingly have so much control without basic safeguards?
— ZachXBT (@zachxbt) April 30, 2026
Seems your runway was burned on KOL grifters like Kook…. https://t.co/sRNtM8Ai8K pic.twitter.com/rXzCSZpCD0
BlockSec added that administrative roles were assigned to wallets funded through the crypto mixer Tornado Cash.
According to Cyvers, the cybercriminal stole WETH, PEPE, MOG, USDC, ZYN, REKT, cbBTC, AERO, VIRTUAL, and has already converted the assets into ETH, distributing them across multiple addresses.
🚨ALERT🚨Our system has detected multiple suspicious transactions involving @wasabi_protocol
— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) April 30, 2026
An address funded via @TornadoCash deployed a malicious contract on both #Base and #Ethereum, extracting approximately $4.5M across multiple assets, including $WETH, $PEPE, $MOG, $USDC,… pic.twitter.com/UHTRNvqZ15
The Wasabi team confirmed the hack and advised users not to interact with the protocol's contracts until further notice.
"We will provide updated information as soon as new data becomes available," the developers stated.
It’s worth noting that on April 28, the Ethereum infrastructure project Syndicate was also attacked. Cybersecurity experts estimated the losses at $330,000.
At the same time, hackers breached the Aftermath Finance exchange within the Sui ecosystem, stealing around $900,000 in USDC.
The day before, the L1 network ZetaChain suffered an incident. Developers stated that the incident only affected the team’s internal wallets, with losses amounting to $333,868.