Wasabi was breached, Berachain blacklisted the vault for self-rescue.

链上雷达
2 hours ago

On April 30, 2026, the multi-chain yield protocol Wasabi Protocol experienced a security incident. According to multiple security agencies, the core cause of this event points to the leakage of the private keys of the deployment wallet or administrator. Data from AiCoin shows that the attacker added a malicious address as the contract administrator through a single transaction, thus illegally obtaining the privileged role of the protocol and attacking the protocol contracts on multiple chains such as ETH, Base, Blast, and Berachain. In terms of loss estimation, there are slight differences in data from various agencies: CertiK reported that approximately $2.9 million has been stolen, with the stolen assets dispersed across multiple addresses such as 0xb8Bb...70dB and 0x6244...f906; meanwhile, PeckShield's statistics show that the total amount of stolen assets across chains is approximately $5.5 million. The Wasabi team has urgently issued a statement acknowledging the abnormalities in the protocol and reminding users to stop all interactions with related contracts until further notice.

In response to this cross-chain security incident triggered by the leakage of privileged private keys, the Berachain Foundation quickly took risk isolation measures. Berachain stated on the X platform that they have immediately stopped and blacklisted the affected Wasabi reward vaults on their network and halted the BGT emission rewards to the compromised contract to ensure that no new BGT would flow into malicious addresses. Berachain emphasized that its native RewardVaults funding remains secure and users can still claim rewards normally without being affected by this incident. However, Berachain strongly advises all users who have interacted with Wasabi on that chain to revoke related token approvals immediately to prevent potential risks related to permission ownership. This incident not only tested Berachain's emergency response and isolation capabilities against external protocol risks but also sounded the alarm again for the security of permission management in on-chain protocols.

Wasabi Multi-chain Breach: Privileged Role Lost Through a Single Transaction

The core of this security incident lies in the takeover of the protocol's highest-privilege role. According to the monitoring report from the security agency PeckShield, the Wasabi Protocol likely suffered a serious leak of the administrator's private key. The attacker did not exploit a complex smart contract logic vulnerability but directly added a malicious address as the contract administrator via a key transaction, thus gaining absolute control over the protocol. CertiK's preliminary investigation corroborated this path: after compromising Wasabi's deployment wallet, the attacker obtained a privileged role. Attacking at the underlying permission layer allowed the attacker to bypass the conventional business-logic restrictions and operate directly on the vault's assets.

In estimating the scale of losses, there are certain discrepancies in the data provided by different security agencies due to the involvement of asset movements across multiple chains. According to AiCoin's consolidated data, CertiK initially disclosed that approximately $2.9 million has been stolen, and the stolen assets are currently dispersed, mainly distributed across several addresses controlled by the attacker, including 0xb8Bb...70dB (holding about $677,000) and 0x6244...f906 (holding about $1.1 million). However, as on-chain tracking deepened, PeckShield pointed out that the impact of this incident has covered multiple mainstream networks including ETH, Base, Blast, and Bera, with their estimated total loss amounting to about $5.5 million.

In response to the chain reaction caused by the loss of authority, Wasabi Protocol immediately announced on social media that they are aware of the security issues within the protocol and are conducting an active investigation. Until the official final investigation report and repair plan is provided, Wasabi has explicitly reminded all users to stop any form of interaction with the protocol contracts. Currently, the stolen funds are still scattered across multiple chain addresses, and there have not been any signs of large-scale money laundering or cross-chain transfers. This multi-chain security storm triggered by the leakage of deployment wallet private keys not only plunged Wasabi into a credibility crisis but also forced the related ecological chain to take emergency measures to prevent the risk from spreading further.

Berachain Blacklists Wasabi Vaults and Halts BGT

After confirming that the Wasabi Protocol encountered a private key leak, the Berachain Foundation quickly intervened, implementing emergency isolation measures for the affected asset paths within its ecosystem. According to an announcement released by Berachain on the X platform, this private key leak incident has directly impacted multiple Wasabi reward vaults deployed on its network. To curb further losses, Berachain has taken decisive action by suspending the operation of these affected vaults and blacklisting them. This operation aims to cut off the attacker's access to continue withdrawing or manipulating vault assets through existing permissions, temporarily locking risks within the known damaged range.

Berachain has also adjusted reward distribution under its BGT emission mechanism. It has officially stopped issuing BGT emission rewards to the compromised Wasabi-related contracts. According to data from AiCoin, BGT, as a core incentive asset within the ecosystem, is critical to the protocol's liquidity; by interrupting the emission, Berachain ensures that no new BGT flows into the affected malicious contracts, thereby protecting ecosystem rewards from being siphoned off by attackers.

While addressing protocol-level risks, the Berachain Foundation issued a security alert to all users. The foundation stated that all users who have interacted with the Wasabi Protocol on Berachain must immediately revoke token approvals granted to the affected contract addresses to prevent assets held in personal wallets from being attacked again. Additionally, Berachain clarified the risk boundaries: this security incident is limited to third-party vaults related to Wasabi, the BGT reward funds within Berachain's native RewardVaults are safe and not affected by the private key leak, and users can still claim their native rewards as usual.
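The revocation advice above can be turned into an inventory of what still needs revoking. The following is an added example, not code from the article, Berachain or Wasabi: it rebuilds outstanding ERC-20 allowances toward affected spenders from already-decoded `Approval(owner, spender, value)` logs. The spender address, token names and log records are constructed placeholders; the real affected addresses must come from the official advisory.

```python
MAX_UINT256 = 2**256 - 1  # the conventional "unlimited" allowance value

# Placeholder: replace with the affected contract addresses from the advisory.
AFFECTED_SPENDERS = {"0xaffected_vault_placeholder"}

# Constructed sample of decoded ERC-20 Approval logs.
SAMPLE_APPROVALS = [
    {"block": 10, "token": "0xTOKEN_A", "owner": "0xALICE",
     "spender": "0xAFFECTED_VAULT_PLACEHOLDER", "value": MAX_UINT256},
    {"block": 11, "token": "0xTOKEN_A", "owner": "0xBOB",
     "spender": "0xAFFECTED_VAULT_PLACEHOLDER", "value": 500},
    {"block": 12, "token": "0xTOKEN_B", "owner": "0xALICE",
     "spender": "0xOTHER_DAPP", "value": MAX_UINT256},
    {"block": 20, "token": "0xTOKEN_A", "owner": "0xBOB",
     "spender": "0xAFFECTED_VAULT_PLACEHOLDER", "value": 0},
]

def outstanding_approvals(logs, affected=AFFECTED_SPENDERS):
    """Return approvals to affected spenders that have not been set back to zero."""
    affected = {a.lower() for a in affected}
    latest = {}
    for log in sorted(logs, key=lambda l: (l["block"], l.get("log_index", 0))):
        spender = log["spender"].lower()
        if spender not in affected:
            continue
        key = (log["token"].lower(), log["owner"].lower(), spender)
        latest[key] = log["value"]  # a later Approval replaces the earlier one
    findings = []
    for (token, owner, spender), value in latest.items():
        if value == 0:
            continue  # already revoked
        findings.append({"token": token, "owner": owner, "spender": spender,
                         "value": value, "unlimited": value == MAX_UINT256})
    # Unlimited approvals first: they expose the owner's whole token balance.
    return sorted(findings, key=lambda f: (not f["unlimited"], f["owner"]))

if __name__ == "__main__":
    for finding in outstanding_approvals(SAMPLE_APPROVALS):
        print(finding)
```

Logs give an upper bound only, because many tokens do not emit `Approval` when `transferFrom` spends an allowance; the token's `allowance(owner, spender)` call is the authoritative value.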

Private Key Leak Sounds the Alarm Again: Single Point of Failure in Cross-Chain Protocols

This Wasabi Protocol security incident once again reveals the vulnerability of DeFi protocols in permission management. Preliminary investigations by the security agencies CertiK and PeckShield show that the attack did not originate from a complex logic vulnerability in the contract code, but from a typical "single point of failure": the compromise of the administrator's private key or deployment wallet. On-chain evidence provided by PeckShield indicates that the attacker successfully added a malicious address as the contract administrator through a single transaction. Such a powerful permission, with no multisig verification or time-lock checks, allows high-risk privileged operations to be abused in an instant. According to data from AiCoin, this pattern of "no logic vulnerability, but loss of the permission key" has become the most difficult flaw to prevent in the current operation and maintenance of DeFi protocols.

The architectural characteristics of cross-chain protocols further amplify the destructive power of private key leaks. Since Wasabi reused the same permission management logic or deployment wallet across multiple chains such as ETH, Base, Blast, and Bera, the loss of a single private key rapidly turned into asset losses on multiple chains. PeckShield estimates that this event has led to approximately $5.5 million in stolen assets across various chains, while CertiK's monitoring detected stolen amounts of about $2.9 million, with funds being dispersed across multiple addresses including 0xb8Bb...70dB and 0x6244...f906. This "resonance effect" of cross-chain permissions reminds developers that, in the pursuit of cross-chain liquidity, failing to segment permissions or to introduce stricter on-chain governance thresholds may expose all of the protocol's assets to risk.

In previous DeFi security incidents, overly broad privileged-key permissions or low multisig thresholds have repeatedly been core contributing factors. In the Wasabi case, the attacker executed the attack by obtaining the privileged role of the deployment wallet, reflecting a gap in the risk control processes during the early deployment and later operational stages of the protocol. For the industry, simply relying on audited contract code is no longer sufficient to ensure fund safety; how to achieve physical decentralization of permissions at the governance level, introduce more complex risk control logic, and conduct real-time on-chain monitoring of high-permission addresses has become a key operational challenge that cross-chain protocols must address during their multi-chain expansion.
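The real-time monitoring of high-permission addresses called for above can be sketched as a triage pass over role-grant events. This is an added example, not code from the article or from any of the projects named: it assumes the monitored contracts emit an OpenZeppelin AccessControl-style `RoleGranted` event, that logs are already decoded, and that every address, chain policy and timestamp below is a constructed placeholder.

```python
from collections import defaultdict

# Hypothetical policy (an assumption, not Wasabi's real setup): per chain, the one
# sender allowed to grant roles (timelock or multisig) and the approved role holders.
POLICY = {
    "eth":  {"governor": "0xtimelock_eth",  "allowed": {"0xops_multisig"}},
    "base": {"governor": "0xtimelock_base", "allowed": {"0xops_multisig"}},
}
WINDOW = 3600  # seconds within which one grantee on several chains is correlated

# Constructed sample of decoded RoleGranted logs; every address is a placeholder.
SAMPLE = [
    {"chain": "eth", "ts": 1000, "account": "0xOPS_MULTISIG", "sender": "0xTIMELOCK_ETH"},
    {"chain": "eth", "ts": 5000, "account": "0xUNKNOWN_A", "sender": "0xDEPLOYER_EOA"},
    {"chain": "base", "ts": 5120, "account": "0xUNKNOWN_A", "sender": "0xDEPLOYER_EOA"},
]

def triage(events, policy=POLICY, window=WINDOW):
    """Return one alert per role grant that violates the policy."""
    alerts = []
    flagged = defaultdict(list)  # grantee -> [(timestamp, chain)] of earlier alerts
    for ev in sorted(events, key=lambda e: e["ts"]):
        account, sender = ev["account"].lower(), ev["sender"].lower()
        rules = policy.get(ev["chain"])
        reasons = []
        if rules is None:
            reasons.append("unmonitored-chain")
        else:
            if sender != rules["governor"]:
                reasons.append("grant-bypassed-governor")  # no timelock/multisig in path
            if account not in rules["allowed"]:
                reasons.append("grantee-not-allowlisted")
        if not reasons:
            continue
        # The same unexpected grantee appearing on another chain shortly before
        # suggests one compromised key reused across deployments.
        if any(ev["ts"] - ts <= window and chain != ev["chain"]
               for ts, chain in flagged[account]):
            reasons.append("same-grantee-multi-chain")
        flagged[account].append((ev["ts"], ev["chain"]))
        alerts.append({"chain": ev["chain"], "account": account, "reasons": reasons})
    return alerts

if __name__ == "__main__":
    for alert in triage(SAMPLE):
        print(alert)
```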

Berachain Risk Isolation and Vault Division

After confirming the private key leak of the Wasabi Protocol, Berachain quickly took on-chain intervention measures to block the risk from spreading to its ecosystem's core layer. According to AiCoin data, the Berachain Foundation has used governance permissions to suspend the affected Wasabi reward vaults and has blacklisted them. The core logic of this operation is to cut off the flow of BGT emission rewards, ensuring that new ecosystem incentives are no longer injected into the compromised contract addresses. Berachain emphasized that this risk stems entirely from the private key leak at Wasabi, an external collaborator, and not from a vulnerability in Berachain's native contract logic. By isolating the risk within the specific contracts related to Wasabi, Berachain keeps the funds in its native RewardVaults safe and users can still claim their BGT rewards normally, thus achieving a physical separation between external application risks and the underlying incentive mechanism at the protocol level.

Although Berachain reacted swiftly, the weakness that arises when cross-chain protocol security is deeply bound to ecosystem incentives has once again been highlighted. Berachain disclosed on social media that user assets on its chain worth tens of thousands of dollars (initially estimated at around $50,000; this figure is still pending final verification) are exposed to risk. Compared to PeckShield's estimate of $5.5 million in total losses across chains, the scale of losses on Berachain is relatively limited, which is primarily attributed to its management capabilities regarding BGT emissions. Berachain has issued urgent alerts to all users who have interacted with Wasabi on-chain, urging them to revoke related token approvals immediately to prevent attackers from further raiding user wallets using the administrative privileges they have obtained.

In terms of response measures, Berachain has shown a fast on-chain governance response this time; its combination of blacklisting and halting emissions demonstrates the constraints its permission design places on third-party protocols. However, this incident has also prompted the market to reevaluate whitelist governance within the ecosystem. In the future, Berachain may adjust its permission stratification design, multisig governance thresholds, and real-time security monitoring for partner protocols. For Berachain, how to efficiently distribute incentives within the Proof of Liquidity (PoL) mechanism while establishing a rapid circuit breaker mechanism for third-party protocol security failures will be a key area to watch in the improvement of its ecosystem defenses.

User Self-Rescue and Follow-Up Observations: Will Such Events Occur Again?

This Wasabi Protocol security incident once again sounds the alarm for permission management in multi-chain protocols. As of April 30, 2026, the latest tracking has largely pinned the cause of the incident on the leak of the administrator or deployer private key rather than a code logic vulnerability, which allowed the attacker to gain privileged roles and attack across ETH, Base, Blast, and Berachain. Currently, the estimates of loss amounts still vary among security agencies, with CertiK monitoring stolen funds of about $2.9 million, while PeckShield's statistics are as high as $5.5 million, with some funds already flowing to hacker-controlled addresses like 0xb8Bb...70dB and 0x6244...f906. In response to this urgent situation, Berachain has taken rapid circuit breaker measures, blacklisting the relevant reward vaults and halting BGT emissions to keep the risk from spreading further. According to AiCoin's data, the funds in Berachain's native RewardVaults remain secure, and users can still claim their rewards as usual, but for users who have interacted with the Wasabi protocol, the priority is to immediately revoke related token approvals and refrain from further interactions with its contracts until the conclusion of the official investigation is announced.

Moving forward, the market needs to focus on three core variables. The first is the final determination of the loss amount and the flow of funds, especially whether the hackers will launder money through mixing platforms. The second is whether Wasabi Protocol can propose a more credible permission governance solution in its follow-up report, such as introducing stricter multisig mechanisms and governance delays to hedge against systemic risks caused by the leak of a single private key. The third is that this incident may trigger a tightening of risk control requirements for admitting external protocols across various chain ecosystems. For ecosystems like Berachain that rely on the Proof of Liquidity (PoL) mechanism, how to embed more flexible security access standards in future incentive distributions for integrated protocols will determine the long-term stability of their ecosystem defenses. As Wasabi's investigation progresses, discussions about the physical separation of governance rights and deployment permissions may become the new norm in the field of on-chain security.
