Wasabi Protocol Updates Security Incident Response: Final User Compensation Plan Not Yet Reached
Odaily: In a security incident update, Wasabi Protocol stated that an attacker exploited a Spring Boot Actuator configuration vulnerability in its AWS infrastructure to steal private keys controlling EVM smart contracts. From these contracts, approximately $4.8 million in user funds and $900,000 from the protocol treasury were stolen.
The attack chain began with a public server used for analysis. Its Actuator heap dump was not adequately protected by a password, allowing the attacker to obtain credentials for another server. This ultimately led to control over the smart contract private keys. The incident only affected EVM deployments, including certain vaults on Ethereum, Base, Blast, and Berachain. Solana deployments and Prop AMM were unaffected.
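A defensive check for the misconfiguration described above, as an added example that is not from Wasabi Protocol or Odaily: it audits a Spring Boot `application.properties` for a heap dump endpoint that can be served over HTTP. The sample configs are constructed, a missing setting is treated as "enabled" as a conservative assumption, and whether the endpoint requires authentication is decided in Spring Security code, which this check cannot see.

```python
import re

# Constructed sample configs (not Wasabi's actual settings).
WEAK = """\
management.endpoints.web.exposure.include=*
server.port=8080
"""
HARDENED = """\
management.endpoints.web.exposure.include=health,info
management.endpoint.heapdump.access=none
management.server.port=9090
management.server.address=127.0.0.1
"""

def parse_properties(text):
    """Parse key=value / key: value lines, skipping blanks and comments."""
    props = {}
    for line in map(str.strip, text.splitlines()):
        if line and line[0] not in "#!":
            parts = re.split(r"\s*[=:]\s*", line, maxsplit=1)
            props[parts[0]] = parts[1] if len(parts) > 1 else ""
    return props

def _ids(value):
    return {v.strip().lower() for v in value.split(",") if v.strip()}

def heapdump_findings(text):
    """Return findings if the heapdump endpoint can be served over HTTP."""
    p = parse_properties(text)
    # Assumption: with no explicit include list, only 'health' is web-exposed.
    include = _ids(p.get("management.endpoints.web.exposure.include", "health"))
    exclude = _ids(p.get("management.endpoints.web.exposure.exclude", ""))
    exposed = bool({"*", "heapdump"} & include) and not ({"*", "heapdump"} & exclude)
    # Conservative assumption: the endpoint is enabled unless switched off here.
    disabled = (p.get("management.endpoint.heapdump.enabled", "true").lower() == "false"
                or p.get("management.endpoint.heapdump.access", "").lower() == "none")
    findings = []
    if exposed and not disabled:
        findings.append("heapdump is web-exposed: a dump holds in-memory secrets "
                        "(credentials, keys); exclude it or set access=none")
        if p.get("management.server.address", "") not in ("127.0.0.1", "localhost", "::1"):
            findings.append("management endpoints are not bound to loopback; "
                            "require authentication or restrict by network")
    return findings

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, heapdump_findings(cfg) or "no heapdump exposure found")
```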
Wasabi Protocol stated that a final plan for user compensation has not yet been established, but "making all affected users whole" remains the team's highest priority. Future updates on the investigation will be shared via its Discord community.
