Wasabi Protocol updates progress on security incident handling

According to ChainCatcher, Wasabi Protocol has released an update regarding a security incident. The update states that the attacker exploited a Spring Boot Actuator configuration vulnerability in its AWS infrastructure to steal the private keys controlling EVM smart contracts, stealing around $4.8 million in user funds and $900,000 from the protocol’s treasury, with total losses of approximately $5.7 million.

The attack chain began with a public server used for analysis. The Actuator heap dump on this server was not properly password-protected, allowing the attacker to obtain credentials for another server and eventually gain control of smart contract private keys. This incident only affects EVM deployments, including some vaults on Ethereum, Base, Blast, and Berachain. Solana deployments and Prop AMM were not affected. There is not yet a final user compensation plan, but “making all affected users whole” remains the team’s top priority. Future updates on the investigation’s progress will be published in the Discord community.