On April 30th, the Wasabi project was hacked. According to PeckShield experts, the damage exceeded $5 million.
#PeckShieldAlert @wasabi_protocol has been exploited for $5M+ across multiple chains, including Ethereum, Base, Berachain, & Blast. pic.twitter.com/zkWjEkZMMp
— PeckShieldAlert (@PeckShieldAlert) April 30, 2026
Experts from CertiK estimated the losses at $5.5 million. The attack affected funds across several networks: Ethereum, Base, Berachain, and Blast.
UPDATE:
Total losses amount to ~$5.5M across the ETH, BASE, BLAST, and BERA chains:https://t.co/c37s3gNtwBhttps://t.co/Sj9gtovG5Khttps://t.co/E5W6LLDuenhttps://t.co/fUZrwM5NmK
— CertiK Alert (@CertiKAlert) April 30, 2026
According to Blockaid, the attacker gained access to an administrative key and through a special Wasabi wallet, appointed their version of the contract as the manager. Using UUPS upgrade, they altered the internal logic of the platform’s storage and extracted the assets.
The founder of SlowMist, under the pseudonym Cos, highlighted the protocol’s weak security mechanisms. According to him, storage management was conducted by a single EOA without multisig, time lock, or DAO. This allowed the hacker to compromise the private key easily, raising questions within the community.
Why did a single EOA seemingly have so much control without basic safeguards?
Seems your runway was burned on KOL grifters like Kook…. https://t.co/sRNtM8Ai8K pic.twitter.com/rXzCSZpCD0
— ZachXBT (@zachxbt) April 30, 2026
BlockSec added that administrative roles were assigned to wallets funded through the crypto mixer Tornado Cash.
According to Cyvers, the cybercriminal stole WETH, PEPE, MOG, USDC, ZYN, REKT, cbBTC, AERO, VIRTUAL and has already converted the assets into ETH, distributing them across multiple addresses.
🚨ALERT🚨Our system has detected multiple suspicious transactions involving @wasabi_protocol
An address funded via @TornadoCash deployed a malicious contract on both #Base and #Ethereum, extracting approximately $4.5M across multiple assets, including $WETH, $PEPE, $MOG, $USDC,… pic.twitter.com/UHTRNvqZ15
— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) April 30, 2026
The Wasabi team confirmed the hack and advised users not to interact with the protocol’s contracts until further notice.
“We will provide updated information as soon as new data becomes available,” the developers noted.
Earlier, on April 28th, the Ethereum infrastructure project Syndicate was also hacked. Cybersecurity experts estimated the losses at $330,000.
At the same time, attackers breached the Aftermath Finance exchange in the Sui ecosystem, extracting about $900,000 in USDC.
The day before, the L1 network ZetaChain was affected. Developers stated that the incident only impacted the team’s internal wallets, with damages amounting to $333,868.