The Wasabi Protocol suffered an administrator key compromise that drained more than $5 million from its perpetual vaults and LongPool across Ethereum, Base, Berachain, and Blast, related security firms Blockaid and PeckShield reported.
The attacker obtained ADMIN_ROLE through the protocol’s deployment wallet, then upgraded the vaults with a malicious application that drained users’ balances. About $4.55 million has been extracted at last count, and the investigation remains active.
One key failure behind the hack
Siege tracking The root cause, Wasabideployer.eth, is the only address with ADMIN_ROLE in Wasabi’s PerpManager AccessManager.
The attacker invoked GrantRole on the EOA deployment tool without any delay, instantly converting his coordinator contract to an administrator.
“We are aware of an issue and are actively investigating. As a precaution, please do not interact with Wasabi contracts until further notice,” Wasabi Protocol urge Users.
From there, the UUPS attacker upgraded the Permanent Vaults and LongPool into a malicious application that drained the balances.
The publisher key remains alive. Wasabi and Spicy LP staking tokens from affected vaults have been flagged as compromised, with the redemption value close to zero.
Blockaid noted that the same attacker, coordinator, and strategy bytecode link this incident to previous activity targeting Wasabi.
Echoes of style Previous administrator key incidents It reflects individual EOA administrator settings without time locks or multiple tags. PeckShield estimated total losses at more than $5 million across all four affected chains.
The AI-hacker theory is gaining new oxygen
Meanwhile, the incident comes just hours after three other attacks occurred between Tuesday and Wednesday. BeInCrypto reported on Cascade Tuesdayincluding:
- A $3.46 million drain on the sweat economy, which turned out to be a bailout for the organization, not a hack.
- The Syndicate Commons on Base bridge lost 18.5 million SYND tokens worth between $330,000 and $400,000. The proceeds were converted to Ethereum.
- Aftermath Finance has paused its perpetual protocol after losing approximately $1.14 million USD.
Against these backdrops, analysts are vocal about AI concerns, pointing to the asymmetric dynamic between attacker tools and protocol defenses.
In the same line of thinking, developer Vitto Rivabella has floated a theory that North Korea trained its internal AI on years of stolen DeFi data.
He suggested that the model is now acting as an independent exploiter, exhausting protocols faster than human reviewers can correct them.
“Wild conspiracy theory about recent DeFi hacks: North Korea trained its own version of state-funded Mythos using massive amounts of data obtained by hacking DeFi protocols over the past 10 years. Now they only allow AI-powered DeFi hackers to operate freely and will not stop making money until someone stops them.” books Rivabella.
whether AI is directing the latest series of exploits Whether or not, one-key managerial roles continue to give attackers a clear opportunity.
this post $5M Wasabi Protocol Exploit Accelerates AI-Based DeFi Hacker Theory appeared first on BeInCrypto.
