Blockaid says an active exploit is abusing an admin key on the Wasabi protocol across Ethereum and Base, draining user funds in real time. The incident appears to involve a malicious or compromised privileged wallet changing protocol settings or routing assets to attacker‑controlled addresses. Because the situation is a live security event, users interacting with Wasabi or related contracts face high risk until the exploit path is fully shut down and contracts are secured.
What Blockaid Detected
According to Blockaid’s alerts and early community reports, the exploit targets an admin key with authority over Wasabi protocol contracts on Ethereum and on Coinbase’s Base network. The attacker is using that power to modify configurations or upgrade logic in ways that let them move assets out of user‑linked contracts. In practice, an attacker can siphon funds even when users never sign an obviously malicious transaction.
Because Blockaid describes the exploit as “live,” it suggests the attacker is still actively probing and draining new positions instead of just cashing out a single haul. That kind of attack often comes in waves as the attacker tests limits, hits specific pools or vaults, then widens the scope once they see what works. In many similar cases, damage continues until contracts are paused or keys are rotated.
Why Admin Key Attacks Are So Dangerous
Admin keys sit at the top of a protocol’s power structure. They can usually change parameters, move liquidity, upgrade contracts or redirect fee flows. When an attacker compromises or misuses such a key, they break the protocol’s usual safety assumptions because they appear to be a legitimate controller on‑chain.
For users, that makes this kind of exploit hard to spot and hard to avoid. Even careful wallet hygiene will not help if a trusted admin wallet quietly points contract logic at the wrong addresses. That is why many mature DeFi projects move to multisig, timelocks and governance processes that slow down or limit unilateral changes.
Interacting with affected contracts is risky until the Wasabi team and independent security researchers confirm that they have stopped the exploit. That includes depositing new funds, compounding yields or signing any transaction that touches Wasabi‑linked addresses on Ethereum or Base.
If you already have funds in the protocol and it is still operational, the safest move in most past admin-key incidents has been to withdraw as soon as it is technically possible and gas conditions allow.
READ MORE: Ethereum Price Prediction: Triangle Emerges as CLARITY Act Odds Slips
