Wasabi Protocol told users on April 30 to stop interacting with its contracts while the team investigates what security firm Blockaid described as an ongoing admin-key compromise exploit affecting deployments on Ethereum and Base.

What happened

In its public notice, Wasabi said only that it was aware of an issue and asked users not to touch protocol contracts until further notice. Blockaid published a more detailed alert, saying the protocol's deployer account was used to grant ADMIN_ROLE to an attacker-controlled helper contract, which then UUPS-upgraded Wasabi perp vaults and LongPool to malicious implementations.

Blockaid also posted transaction hashes for drain activity on both chains. The linked Etherscan and BaseScan records show successful transactions from the same exploiter address interacting with the same target contract and moving multiple ERC-20 assets.

Why it matters

CoinDesk reported that the exploit drained roughly $4.55 million. That number should still be treated as an early estimate, but the broader facts are already clear: Wasabi has acknowledged an active incident, Blockaid has published a technical description of the exploit path, and onchain records show successful drain transactions on both Ethereum and Base.

The incident is another reminder that a single privileged key around upgradeable contracts can become a protocol-wide failure point. Until Wasabi publishes a fuller post-mortem, the safest verified takeaway is simple: the protocol is in incident response mode, and users have been told to stay away from the affected contracts.
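The grant-then-upgrade sequence Blockaid describes is something a protocol team can alert on from event logs alone. The sketch below is an added example, not code from Wasabi or Blockaid: it assumes OpenZeppelin-style `RoleGranted` and ERC-1967 `Upgraded` events that have already been decoded, and every address, block number and allowlist in it is a constructed placeholder.

```python
# Added example. Events are constructed, pre-decoded log records; all addresses
# are placeholders. Assumes OpenZeppelin-style RoleGranted(role, account, sender)
# and ERC-1967 Upgraded(implementation); the feed is pre-filtered to our contracts.
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    watched_proxies: frozenset   # upgradeable proxies we operate
    approved_admins: frozenset   # accounts allowed to hold ADMIN_ROLE
    approved_impls: frozenset    # reviewed implementation addresses
    window_blocks: int = 50      # how long a rogue grant taints later upgrades

def scan(events, policy):
    """Return (severity, chain, block, message) alerts, ordered per chain by block."""
    alerts, rogue_grant = [], {}  # rogue_grant: chain -> block of latest bad grant
    for ev in sorted(events, key=lambda e: (e["chain"], e["block"], e["log_index"])):
        chain, block = ev["chain"], ev["block"]
        if ev["event"] == "RoleGranted" and ev["role"] == "ADMIN_ROLE":
            if ev["account"] not in policy.approved_admins:
                rogue_grant[chain] = block
                alerts.append(("high", chain, block,
                               f"ADMIN_ROLE granted to {ev['account']} by {ev['sender']}"))
        elif ev["event"] == "Upgraded" and ev["address"] in policy.watched_proxies:
            if ev["implementation"] in policy.approved_impls:
                continue  # reviewed release, nothing to report
            grant = rogue_grant.get(chain)
            chained = grant is not None and block - grant <= policy.window_blocks
            alerts.append(("critical" if chained else "high", chain, block,
                           f"{ev['address']} upgraded to unreviewed {ev['implementation']}"))
    return alerts

POLICY = Policy(frozenset({"0xVAULT_PROXY", "0xLONGPOOL_PROXY"}),
                frozenset({"0xDEPLOYER"}), frozenset({"0xIMPL_V2"}))

def rec(chain, block, log_index, event, **fields):
    return {"chain": chain, "block": block, "log_index": log_index, "event": event, **fields}

SAMPLE = [  # constructed; mirrors the grant-then-upgrade sequence described above
    rec("ethereum", 100, 0, "RoleGranted", role="ADMIN_ROLE", account="0xHELPER", sender="0xDEPLOYER"),
    rec("ethereum", 101, 0, "Upgraded", address="0xVAULT_PROXY", implementation="0xIMPL_ROGUE"),
    rec("ethereum", 101, 1, "Upgraded", address="0xLONGPOOL_PROXY", implementation="0xIMPL_ROGUE"),
    rec("base", 500, 0, "Upgraded", address="0xVAULT_PROXY", implementation="0xIMPL_V2"),
    rec("base", 900, 0, "Upgraded", address="0xLONGPOOL_PROXY", implementation="0xIMPL_ROGUE"),
]

if __name__ == "__main__":
    for alert in scan(SAMPLE, POLICY):
        print(*alert)
```

In a real log the role is a `bytes32` identifier rather than the label `ADMIN_ROLE`, so the decoder feeding this check has to map it first.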