The investigation remains ongoing, led by Berachain, Blockaid, and ZeroShadow, with updates anticipated as more details emerge.

Security firms Hypernative, Blockaid, Cyvers, and Defimonalerts detected the incident in real time; Hypernative will publish a full technical analysis and noted the attacker was not a Wasabi customer.

Wasabi responded by freezing margin deposits and advising a precautionary halt on interacting with Wasabi contracts while investigations proceed.

Loss estimates place approximately $2.2 million on Ethereum-related assets and about $2.4 million on Base, with total losses across all chains exceeding $5 million.

This incident fits a broader April 2026 pattern of DeFi losses, contributing to over $600 million in losses across roughly a dozen incidents.

Looking ahead, the broader context suggests admin-key compromises and upgradeable-proxy risks remain a systemic vulnerability in DeFi, contributing to sector-wide losses.

Wasabi had not issued a public statement by the report date, with CoinDesk publishing coverage on April 30, 2026.

Wasabi Protocol suffered a major security breach on April 30, 2026, with roughly $5.5 million stolen across Ethereum, Base, Berachain, and Blast after the admin key was compromised.

Blockaid identifies the root cause as a single admin in Wasabi’s PerpManager holding full ADMIN_ROLE, with no multisig or other protections to mitigate breach risk.

A single externally owned admin key, the sole Wasabi admin key (wasabideployer.eth), was compromised and used via a malicious helper contract with ADMIN_ROLE to upgrade multiple perpetual vaults and the LongPool, enabling the drain of funds across chains.

Blockaid, CertiK, and PeckShield were among the first to flag the incident, highlighting admin-key compromise and the absence of multisig, timelocks, or DAO governance as key weaknesses.

Observers warn that privileged access combined with upgradeable contracts requires stronger safeguards—multisig, timelocks, and governance controls—to prevent similar breaches.