Wasabi Protocol suffered an admin-key compromise that drained over $5 million from its perpetuals vaults and LongPool across Ethereum, Base, Berachain, and Blast, on-chain security firms Blockaid and PeckShield reported.
The attacker gained ADMIN_ROLE through the protocol’s deployer wallet, then upgraded the vaults to a malicious implementation that siphoned user balances. About $4.55 million had been extracted at last count, and the investigation remains active.
Blockaid traced the root cause to wasabideployer.eth, the only address holding ADMIN_ROLE in Wasabi’s PerpManager AccessManager.
The attacker called grantRole on the deployer EOA with zero delay, instantly turning their orchestrator contract into an admin.
“We’re aware of an issue and are actively investigating. As a precaution, please do not interact with Wasabi contracts until further notice,” Wasabi Protocol urged users.
From there, the attacker UUPS-upgraded perpetual vaults and the LongPool to a malicious implementation that drained balances.
The deployer key remains live. Wasabi and Spicy LP-share tokens from affected vaults are flagged as compromised, with redemption value approaching zero.
Blockaid noted the same attacker, orchestrator, and strategy bytecode tie this incident to earlier activity targeting Wasabi.
The pattern echoes prior admin-key incidents and reflects single-EOA admin setups without timelocks or multisigs. PeckShield put the total losses past the $5 million mark across all four affected chains.
Meanwhile, the incident comes only hours after three other attacks between Tuesday and Wednesday. BeInCrypto reported the Tuesday cascade, comprising:
Against these backdrops, analysts are talking about AI concerns, citing the asymmetric dynamic between attacker tooling and protocol defenses.
In the same line of thought, developer Vitto Rivabella floated a theory that North Korea trained an in-house AI on years of stolen DeFi data.
He suggested the model now operates as an autonomous exploiter, draining protocols faster than human reviewers can patch them.
“Wild conspiracy theory about the recent DeFi hacks: North Korea has trained its own, state funded, version of Mythos using the insane amounts of data obtained by hacking DeFi protocols over the last 10 years. Now they’re just letting their AI DeFi hacker run free and won’t stop cashing in until someone stops them,” wrote Rivabella.
Whether AI is steering the recent string of exploits or not, single-key admin roles keep giving attackers an obvious opening.
The post Wasabi Protocol $5 Million Exploit Accelerates AI-Driven DeFi Hacker Theory appeared first on BeInCrypto.
Ripple’s UK MD says Europe has outpaced the U.S. on XRP infrastructure. Here’s what the $1.50 resistance level, $1.84B daily volume, and RSI accumulation signal
Bitcoin holds near $77,000 as Brent crude clears $111 on Strait of Hormuz fears. BTC/USD dipped below $76K before recovering — here’s what the key
Anthropic’s Claude AI has released May price targets for Bitcoin, Ethereum, and XRP. See the exact forecasts, key technical levels, and what FOMC means for
Meta has launched USDC creator payouts on Solana and Polygon. No confirmed SOL price spike yet — here’s the technical breakdown, three price scenarios, and
Blockchain Bodega is here and you know the vibes. We’re at the intersection of hip-hop culture and web3, exploring this new digital frontier. Who better to guide you through these uncharted lanes than Ock Chain – The Bitcoin Boss and the Consensus Corner Boys?
Ock Chain doesn’t just cook up random details about cryptocurrency; he lives it. Ock’s been deep in the game since Bitcoin was just a baby.
And let’s not forget about the Consensus Corner Boys. They’re our skilled crew of blockchain enthusiasts. They’re here to educate, entertain, and enlighten.
Welcome to Blockchain Bodega!
Copyright © 2023 Blockchain Bodega. All rights reserved.
