0:00
0:00
Subscribe to Bankless or sign in
Another day, another admin key failure. Wasabi Protocol’s $5M+ exploit is a reminder that DeFi’s most preventable risk remains ever-present.
What's the Scoop?
- Compromised Key: Wasabi Protocol – a perpetual DEX deployed on Ethereum, Base, Berachain, and
Ethereum L2 platform with native yield incentives.View Profile" class="stubHighlight">
Blast – was exploited across multiple chains after an attacker compromised its single deployer wallet and seized full control of the protocol. - Industry Outrage: After compromising the Wasabi deployer, the attacker instantly granted themselves admin privileges and upgraded core contracts to malicious versions, without delay or a second signer. Many within the crypto industry, including onchain sleuth ZachXBT, expressed bewilderment that Wasabi entrusted a single signer with instantaneous admin access, a clear fail to implement basic user safeguards.
- Similar Vector: The Wasabi exploit mirrors the attack vector utilized in this month's high-profile Drift and KelpDAO hacks, each of which resulted from the failure of centralized control points.
- Worst Month Ever: According to data compiled by DeFiLlama, April 2026 holds the unenviable title as the most-hacked month in crypto history by number of incidents, with at least 29 distinct applications compromised.
April ends as the most-hacked month in crypto history, by number of incidents. pic.twitter.com/Cx67K3z86O
— DefiLlama.com (@DefiLlama) April 30, 2026
