Wasabi Protocol disclosed a security incident today (May 9) in which attackers exploited a Spring Boot Actuator misconfiguration in its AWS infrastructure to steal private keys controlling EVM smart contracts. The breach resulted in approximately $4.8 million in user funds and $900,000 in protocol reserves being stolen across Ethereum, Base, Blast, and Berachain vaults, totaling $5.7 million in losses. Solana deployments and Prop AMM were unaffected. The protocol stated that compensating all affected users remains its highest priority, though no final compensation plan has been announced yet.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
LayerZero Issues Public Apology on May 8, Admits Fault in Single-Verifier Setup for Kelp DAO Exploit
According to The Block, LayerZero issued a public apology on Friday for its handling of the April 18 exploit that drained roughly $292 million in rsETH from Kelp DAO's cross-chain bridge. The protocol acknowledged it made a mistake by allowing its Decentralized Verifier Network (DVN) to serve as the
GateNews2h ago
Crypto Wrench Attacks Rise: Victims Lose $101M in First Four Months of 2026, Families Increasingly Targeted
According to CertiK, crypto wrench attack victims lost approximately $101 million in the first four months of 2026, with the trend projected to reach hundreds of millions for the full year. The security firm verified 34 incidents globally, representing a 41% increase from the same period in 2025, wi
GateNews3h ago
Tether's USDT0 Unveils 3/3 Verification Mechanism, Launches $6M Bug Bounty Program After Kelp Incident
According to ChainCatcher, Tether's USDT0 protocol unveiled its security architecture following the Kelp incident, implementing a 3/3 verification consensus mechanism requiring three independent validators using separate codebases. Current validator nodes include USDT0's proprietary DVN,
GateNews5h ago
Malaysian Police Seized 50,000 USDT from Chinese Nationals in February; Investigation Stalls After Three Months
According to ChainCatcher, eight Chinese nationals were forced to transfer approximately 50,000 USDT after a police raid on a rented villa in Kajang, Malaysia in February. Police claimed the suspects were involved in fraud and subsequently arrested 12 officers involved in the incident, removing
GateNews6h ago
12 Malaysian Police Officers Robbed Chinese Citizens of $50,000 USDT in February; Investigation Stalled as of May 10
According to BlockBeats, 12 Malaysian police officers were arrested after allegedly robbing Chinese citizens of approximately $50,000 USDT during a raid on a rented villa in Kajang, Selangor in February 2026. The officers have been suspended pending investigation, which is awaiting cryptographic
GateNews6h ago
North Korean Lazarus Group Hides Malware in Git Hooks to Target Developers
According to OpenSourceMalware research, North Korean hacking group Lazarus has hidden second-stage malware loaders in Git Hooks pre-commit scripts during targeted attacks on developers, a report revealed on May 9. The group uses a technique called "Contagious Interview" to lure developers into
GateNews7h ago
