Wasabi Protocol updates progress on security incident handling: no final plan for user compensation reached yet
Odaily news, Wasabi Protocol has released an update on the security incident, stating that the attacker exploited a Spring Boot Actuator configuration vulnerability in its AWS infrastructure to steal the private keys controlling EVM smart contracts, and then took approximately $4.8 million in user funds and $900,000 in protocol treasury funds from the relevant contracts.
The attack chain began with a public-facing server used for analysis, where the Actuator heap dump was not adequately protected by a password, allowing the attacker to obtain credentials for another server and ultimately gain control of the smart contract private keys. This incident only impacted EVM deployments, including certain vaults on Ethereum, Base, Blast, and Berachain. The Solana deployment and Prop AMM were not affected.
Wasabi Protocol stated that a final plan for user compensation has not yet been reached, but "making all affected users whole" remains the team's top priority. Future updates on the investigation will be posted in its Discord community.
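The heap dump exposure described above can be checked for statically; the following is an added example, not code from Wasabi Protocol or Odaily, that audits a Spring Boot `application.properties` for a web-reachable Actuator heap dump. The property keys are standard Spring Boot Actuator settings, while the two sample configurations and the function names are constructed for illustration.

```python
# Added example: static check of Spring Boot properties for a reachable heap dump.
# WEAK and HARDENED are constructed samples, not any real deployment's config.
WEAK = "management.endpoints.web.exposure.include=*\n"
HARDENED = """\
management.endpoints.web.exposure.include=health,info
management.endpoint.heapdump.enabled=false
management.server.port=8081
management.server.address=127.0.0.1
"""

def parse_properties(text):
    """Parse simple key=value lines (no line continuations or escapes)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith(("#", "!")):
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def _ids(value):
    """Split a comma-separated endpoint id list into a lowercase set."""
    return {v.strip().lower() for v in value.split(",") if v.strip()}

def audit_actuator(text):
    """Return findings about heap dump exposure; an empty list means none."""
    p = parse_properties(text)
    include = _ids(p.get("management.endpoints.web.exposure.include", "health"))
    exclude = _ids(p.get("management.endpoints.web.exposure.exclude", ""))
    # Older releases use .enabled, newer ones .access; treated as on unless turned off.
    disabled = (p.get("management.endpoint.heapdump.enabled", "true").lower() == "false"
                or p.get("management.endpoint.heapdump.access", "").lower() == "none")
    exposed = (bool({"*", "heapdump"} & include)
               and not ({"*", "heapdump"} & exclude) and not disabled)
    if not exposed:
        return []
    findings = ["heapdump is exposed over HTTP; verify it requires authentication"]
    # management.server.address only takes effect with a separate management port.
    loopback = ("management.server.port" in p and
                p.get("management.server.address") in ("127.0.0.1", "localhost", "::1"))
    if not loopback:
        findings.append("management endpoints are not bound to loopback")
    return findings

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_actuator(cfg))
```

The check cannot see Spring Security rules, so an "exposed" finding means the endpoint's authentication still has to be confirmed separately. Secrets that have ever been resident in a process with a reachable heap dump should be treated as disclosed and rotated.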
