Wasabi Protocol Update: EVM Breach Triggers Lockdown and Probe

A security incident hit Wasabi Protocol on April 30, 2026, resulting in an estimated $4.5 million loss across its Ethereum Virtual Machine (EVM) systems and forcing the team to cut off access to the affected parts of its platform. The protocol clarified that its Solana deployment and Prop AMM were not impacted. It confirmed the situation is now contained, while investigators work to understand exactly how attackers bypassed entry points.

In an update on X, the team warned users to avoid compromised vaults and related positions. It said it quickly blocked the entry point used in the attack and secured the affected systems.

https://twitter.com/wasabi_protocol/status/2050323951130407038?ref_src=twsrc%5Etfw” target=”_blank” rel=”noopener

Wasabi Protocol then rotated all credentials and keys linked to the exposed systems and also brought in external security firms to support the ongoing investigation. The team noted it is still limiting technical details while the review continues, but added that an on-chain message was sent to the wallet linked to the funds, requesting a private resolution.

Security response and user impact

Wasabi Protocol also updated users with new withdrawal guidance. It allowed withdrawals from unaffected EVM vaults but warned users not to interact with exposed contracts. The protocol also listed affected vaults across Mainnet, Base, Blast, and Berachain, including assets such as sUSDC, sWETH, sBITCOIN, and several synthetic tokens.

Following the update, users began checking wallet exposure and revoking permissions linked to the protocol. Revoking access through smart contract tools is a common step to reduce risk after a security breach. The protocol also said unaffected vaults remain completely safe for withdrawals.

Broader DeFi security pressure builds

The incident fits a broader pattern of DeFi exploits linked to access control failures. In several cases, attackers have bypassed smart contracts by compromising admin credentials, putting pressure on protocols to tighten internal security.

Step Finance had previously experienced an attack that involved about 261,854 SOL, which was valued at more than $28 million at the time. On-chain data indicated rapid unstaking and fund transfer from treasury wallets shortly after the attack occurred. The devastation was so severe that Step Finance announced its permanent shutdown just days ago, following failed recovery and acquisition efforts. 

Similarly, Drift Protocol had also been victimized by a significant exploitation of its vaults. Hackers drained an estimated $285 million following a sophisticated social engineering and governance-layer compromise. Blockchain data revealed that the funds were first traded using different tokens and then bridged to the Ethereum blockchain. The balance held in the vaults decreased from $309 million to $41 million.

Such instances indicate continued weaknesses in the DeFi ecosystem with regard to access management. Meanwhile, surviving protocols are racing to improve their surveillance capabilities and reinforce multisig security frameworks across the networks.

Also Read: Aptos-Based Tapp Exchange Shutdown Raises Fresh DeFi Stability Concerns