TechFlow reports that on May 9, Wasabi Protocol released an update on a security incident. According to the update, the attacker exploited a Spring Boot Actuator configuration vulnerability in its AWS infrastructure to steal the private keys controlling EVM smart contracts, then took approximately $4.8 million in user funds and $0.9 million from the protocol’s treasury, for total losses of about $5.7 million.
The attack chain originated from a public-facing server used for analysis; its Actuator heap dump was not properly password-protected, enabling the attacker to obtain credentials for another server and ultimately gain control over the smart contract private keys. This incident affected only EVM deployments—including certain treasuries on Ethereum, Base, Blast, and Berachain—while Solana deployments and the Prop AMM remained unaffected. No final user compensation plan has been announced yet, but “fully compensating all affected users” remains the team’s top priority. Updates on the investigation will be shared with the community via Discord.
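As an added illustration (not code from Wasabi Protocol or TechFlow), the following Python check reads a Spring Boot `application.properties` file and flags configurations that leave the Actuator heap dump endpoint reachable over HTTP. The property keys are standard Spring Boot settings; the function names and sample configurations are constructed for this example, and whether authentication is actually enforced lives in the application's security configuration, which this check does not read.

```python
import re
LOOPBACK = {"127.0.0.1", "localhost", "::1"}

def parse_properties(text):
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!":  # skip blanks and comments
            parts = re.split(r"\s*[=:]\s*", line, maxsplit=1)
            if len(parts) == 2:
                props[parts[0]] = parts[1]
    return props

def ids(value):
    return {v.strip().lower() for v in value.split(",") if v.strip()}

def heapdump_web_exposed(props):
    include = ids(props.get("management.endpoints.web.exposure.include", "health"))
    exclude = ids(props.get("management.endpoints.web.exposure.exclude", ""))
    targets = {"*", "heapdump"}
    if targets & exclude or not targets & include:  # exclude takes precedence
        return False
    # Assumption: the endpoint counts as enabled unless the config turns it off
    # (conservative for Spring Boot versions older than 3.5).
    default_on = props.get("management.endpoints.enabled-by-default", "true")
    enabled = props.get("management.endpoint.heapdump.enabled", default_on)
    access = props.get("management.endpoint.heapdump.access", "unrestricted")
    return enabled.lower() != "false" and access.lower() != "none"

def audit(text):
    props = parse_properties(text)
    if not heapdump_web_exposed(props):
        return []
    findings = ["heapdump is exposed over HTTP; it must sit behind authentication"]
    # management.server.address only applies with a separate management port
    separate_port = "management.server.port" in props
    if not (separate_port and props.get("management.server.address") in LOOPBACK):
        findings.append("management endpoints share a non-loopback listener")
    return findings

# Constructed sample configurations (not taken from the incident).
WEAK = "management.endpoints.web.exposure.include=*\n"
HARDENED = """
management.endpoints.web.exposure.include=health,info
management.endpoint.heapdump.enabled=false
management.server.port=8081
management.server.address=127.0.0.1
"""
print("weak:", audit(WEAK))
print("hardened:", audit(HARDENED))
```

A heap dump contains whatever the JVM held in memory at the time, so any credential found in a dump that was reachable without authentication should be treated as compromised and rotated.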




