Wasabi Protocol Updates Progress on Security Incident: Final User Compensation Plan Yet to Be Reached

Odaily, Wasabi Protocol has issued an update on the security incident, stating that the attacker exploited a Spring Boot Actuator configuration vulnerability in its AWS infrastructure to steal the private keys controlling EVM smart contracts, and subsequently drained approximately $4.8 million in user funds and $900,000 from the protocol's treasury from the related contracts.

The attack chain began with a public server used for analysis, where the Actuator heap dump was not properly password-protected, allowing the attacker to obtain credentials for another server and ultimately gain control over the smart contract private keys. This incident only affected EVM deployments, including certain vaults on Ethereum, Base, Blast, and Berachain. Solana deployments and Prop AMM were not affected.

Wasabi Protocol stated that no final decision has yet been made regarding user compensation, but "making all affected users whole" remains the team's top priority. Future investigation updates will be published in the Discord community.