
Kash Patel Touts AI Overhaul of FBI Crime-Fighting Operations
FBI Director Kash Patel promotes AI tools for crime-fighting and child recovery.

Wasabi Protocol was drained of approximately $4.55 million due to a compromise of its admin key. The exploit allowed attackers to upgrade vaults and drain funds without any protective measures in place.
Mentioned in this story
DeFi can't stop bleeding, and Wasabi Protocol is the latest to find out why. Wasabi Protocol, a perpetuals trading platform built on Ethereum and Base, was drained of approximately $4.55 million on Thursday after attackers compromised the protocol's deployer key, security firm [Blockaid said in an X post](/
🚨 Blockaid's exploit detection system identified an on-going admin-key compromise exploit on @wasabi_protocol across Ethereum and Base. The Wasabi: Deployer EOA was used to grant ADMIN_ROLE to an attacker helper contract, which then UUPS-upgraded the perp vaults and LongPool to…
— Blockaid (@blockaid_) April 30, 2026
). The hack is the latest in a month that has produced over $605 million in DeFi losses across at least 12 incidents. The mechanic was an externally owned account, or EOA, called wasabideployer.eth held the sole ADMIN\_ROLE in Wasabi's permission system. An EOA is a wallet controlled by a private key, as opposed to a smart contract. Whoever holds the key controls the wallet. Once the attacker had access to the deployer key, they called grantRole on the permission contract to give themselves admin privileges with zero delay. Their helper contract then upgraded Wasabi's perp vaults and LongPool to malicious implementations that drained the balances, Blockaid said. The exploit relied on UUPS upgradeability, a pattern where a smart contract can swap out its underlying code while keeping the same address. UUPS is widely used because it lets developers fix bugs without migrating users. It also means that if an attacker controls admin permissions, they can replace the contract's logic with anything they want, including code designed to steal funds. Wasabi had no timelock or multisig protecting the admin role, Blockaid said. A timelock forces a delay between when an admin action is announced and when it executes, giving users time to react. A multisig requires multiple signers to approve a change. Wasabi had neither, leaving a single key holding full control over the protocol.
🚨 Blockaid's exploit detection system identified an on-going admin-key compromise exploit on @wasabi\_protocol across Ethereum and Base. The Wasabi: Deployer EOA was used to grant ADMIN\_ROLE to an attacker helper contract, which then UUPS-upgraded the perp vaults and LongPool to…
— Blockaid (@blockaid\_) April 30, 2026 Compromised contracts include Wasabi's wWETH, sUSDC, wBITCOIN, wPEPE, and Long Pool vaults on Ethereum, plus its sUSDC, wWETH, sBTC, sVIRTUAL, sAERO, and sBRETT vaults on Base, per Blockaid. Users holding Wasabi LP tokens were urged to revoke any active approvals to the vault contracts, since the underlying assets backing those tokens had either been drained or remained at risk. The Wasabi attack closely mirrors the Drift Protocol exploit on April 1, when North Korea-linked attackers used a compromised admin key to drain $285 million from the Solana-based perpetuals exchange. In that case, the attackers also exploited a single-key admin setup with no governance timelock, listing a fake token as collateral and raising withdrawal limits . Three weeks later, on April 19, when an attacker exploited a single-verifier configuration in the protocol's LayerZero bridge, releasing 116,500 unbacked rsETH that was then used as collateral to borrow real ether from Aave. The cumulative DeFi loss total for 2026 has now passed $770 million across more than 30 reported incidents. April alone accounts for the majority of that figure. Smaller breaches this month have hit CoW Swap ($1.2 million), Grinex ($13.74 million), Resolv Labs ($23 million), Volo Protocol ($3.5 million), among others. What ties them together is not a new vulnerability. Each incident produces the same post-mortem language about lessons learned, but the next exploit usually arrives before the lessons get implemented. Wasabi has not yet issued a public statement on the incident.
Approximately $4.55 million was drained from Wasabi Protocol.
The hack was caused by a compromise of the protocol's deployer key, which allowed attackers to gain admin privileges.
The attackers exploited the lack of a timelock and multisig protection on the admin role, allowing them to replace contract logic with malicious code.
The Wasabi Protocol hack mirrors other recent incidents, such as the Drift Protocol exploit, where a compromised admin key led to significant losses.

FBI Director Kash Patel promotes AI tools for crime-fighting and child recovery.

Bitcoin outperformed ETH, XRP, BNB, and SOL during market stress in 2025-2026.

Morgan Stanley's E*Trade disrupts crypto trading with lower fees, impacting Coinbase and others.

Circle's Q1 revenue grows 20% to $694M but misses forecasts amid rising competition.

Sharplink faces a $686 million loss while launching a $125 million yield fund with Galaxy.

Bitcoin's current pattern mirrors past setups that led to a 400% rally.
See every story in Crypto — including breaking news and analysis.