Blockaid says an active exploit is abusing an admin key on the Wasabi protocol across Ethereum and Base, draining user funds in real time. The incident appears to involve a malicious or compromised privileged wallet changing protocol settings or routing assets to attacker‑controlled addresses.
Because this is a live security event, users interacting with Wasabi Protocol or related contracts face a high risk until the exploit path is fully shut down and contracts are secured.
How Attackers Are Draining Wasabi Protocol Funds
According to Blockaid’s alerts and early community reports, the exploit targets an admin key with authority over Wasabi protocol contracts on Ethereum and on Coinbase’s Base network. The attacker is using that power to modify configurations or upgrade logic in ways that let them move assets out of user‑linked contracts. In practice, an attacker can siphon funds even when users never sign an obviously malicious transaction.
Blockaid's description of the exploit as “live” suggests the attacker is still actively probing and draining new positions rather than cashing out a single haul.
That kind of attack often comes in waves as the attacker tests limits, hits specific pools or vaults, then widens the scope once they see what works. In many similar cases, damage continues until contracts are paused or keys are rotated. So far, losses are estimated at over $4.5 million.
Moreover, on-chain investigator ZachXBT questioned why a single externally owned account held unchecked control over the protocol with no multisig, timelock, or DAO governance in place. He also suggested the team had burned runway on influencer relationships, pointing to a 2023 post naming @KookCapitalLLC as a protocol advisor, rather than investing in basic security infrastructure.
Admin Key Attacks Put Every DeFi User at Risk
Admin keys sit at the top of a protocol’s power structure. They can usually change parameters, move liquidity, upgrade contracts, or redirect fee flows. When an attacker compromises or misuses such a key, they break the protocol’s usual safety assumptions because they appear to be a legitimate controller on‑chain.
For users, this kind of exploit is hard to spot and avoid. Even careful wallet hygiene will not help if a trusted admin wallet quietly points contract logic at the wrong addresses. That is why many mature DeFi projects adopt multisig, timelocks, and governance processes that slow or limit unilateral changes.
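As an added illustration (not code from Wasabi, Blockaid, or ZachXBT), the sketch below shows how a monitor could review privileged events and flag a contract whose owner is a single key rather than a multisig or timelock contract. It assumes the contracts emit the OpenZeppelin `OwnershipTransferred` and ERC-1967 `Upgraded` events; all addresses, logs, and bytecode are constructed sample data.

```python
# Added example on constructed data; not Wasabi's contracts or Blockaid's tooling.
# Assumption: target contracts emit the OpenZeppelin Ownable / ERC-1967 events below.
OWNERSHIP_TRANSFERRED = "0x8be0079c531659141344cd1fd0a4f28419497f9722a3daafe3b1186f6b6457e0"
UPGRADED = "0xbc7cd75a20ee27fd9adebab32041f755214dbc6bffa90cc0225b39da2e5c2d3b"

def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def is_single_key(code_hex):
    """True for a plain EOA (eth_getCode == '0x') or an EIP-7702 delegated EOA.
    An address with no code lookup (None) is treated conservatively as single-key."""
    code = (code_hex or "0x").lower()
    return code == "0x" or code.startswith("0xef0100")

def review_admin_events(logs, code_by_address):
    """Return (severity, contract, detail) for each privileged event in logs."""
    findings = []
    for log in logs:
        topic0 = log["topics"][0].lower()
        if topic0 == OWNERSHIP_TRANSFERRED:
            owner = topic_to_address(log["topics"][2])  # topics[2] = newOwner
            if is_single_key(code_by_address.get(owner)):
                findings.append(("HIGH", log["address"], f"owner {owner} is a single key"))
            else:
                findings.append(("INFO", log["address"],
                                 f"owner {owner} is a contract; confirm multisig or timelock"))
        elif topic0 == UPGRADED:
            impl = topic_to_address(log["topics"][1])   # topics[1] = implementation
            findings.append(("REVIEW", log["address"], f"implementation set to {impl}"))
    return findings

# Constructed sample: two hypothetical vaults, one key holder, one multisig contract.
PAD = "0x" + "0" * 24
EOA, MULTISIG, IMPL = "0x" + "11" * 20, "0x" + "22" * 20, "0x" + "33" * 20
VAULT_A, VAULT_B = "0x" + "aa" * 20, "0x" + "bb" * 20
SAMPLE_CODE = {EOA: "0x", MULTISIG: "0x6080604052", IMPL: "0x6080604052"}
SAMPLE_LOGS = [
    {"address": VAULT_A, "topics": [OWNERSHIP_TRANSFERRED, PAD + MULTISIG[2:], PAD + EOA[2:]]},
    {"address": VAULT_A, "topics": [UPGRADED, PAD + IMPL[2:]]},
    {"address": VAULT_B, "topics": [OWNERSHIP_TRANSFERRED, PAD + EOA[2:], PAD + MULTISIG[2:]]},
]

if __name__ == "__main__":
    for severity, contract, detail in review_admin_events(SAMPLE_LOGS, SAMPLE_CODE):
        print(f"{severity:6} {contract} {detail}")
```

A contract owner having code is necessary but not sufficient: the INFO result still needs a manual check that the owning contract really enforces a signer threshold or a delay.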
Interacting with affected contracts is risky until the Wasabi team and independent security researchers confirm that the exploit has been stopped. That includes depositing new funds, compounding yields, or signing any transaction that touches Wasabi‑linked addresses on Ethereum or Base.
Wasabi Protocol has since acknowledged the situation in a brief public statement: “We’re aware of an issue and are actively investigating. As a precaution, please do not interact with Wasabi contracts until further notice. We’ll share an update as soon as we have more information.”