Wasabi Protocol has released an update regarding a security incident involving a vulnerability in its AWS infrastructure. According to ChainCatcher, attackers exploited a configuration flaw in the Spring Boot Actuator, allowing them to steal private keys controlling EVM smart contracts. This breach resulted in the theft of approximately $4.8 million in user funds and $900,000 from the protocol's treasury.
The attack began on a public server used for analysis, where the Actuator heap-dump endpoint was not adequately password-protected. The heap dump exposed credentials for another server, and from there the attackers ultimately gained control of the smart contract private keys. The incident affected EVM deployments, including those on Ethereum, Base, Blast, and Berachain, while Solana deployments and Prop AMM remained unaffected.
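As an added illustration (not taken from Wasabi's disclosure or its codebase), the Spring Boot Actuator exposure setting that turns the heap dump into an unauthenticated download, beside a hardened configuration. Property names are standard Spring Boot ones; the port number is an assumed example value.

```yaml
# --- application.yml, WEAK (do not combine with the block below) ---
# Wildcard exposure publishes every actuator endpoint, including
# /actuator/heapdump, on the application's public HTTP port. Without
# Spring Security on the classpath nothing authenticates these requests,
# so a full JVM heap (in-memory credentials, tokens, session data) is
# one GET request away.
management:
  endpoints:
    web:
      exposure:
        include: "*"

# --- application.yml, HARDENED ---
# Expose only what monitoring needs, switch the heap-dump endpoint off
# entirely, and bind whatever remains to a loopback-only management port
# so it is never reachable from the public interface. "exclude" wins
# over "include" if both name the same endpoint.
management:
  endpoints:
    web:
      exposure:
        include: "health,info"
        exclude: "heapdump,env,threaddump"
  endpoint:
    heapdump:
      enabled: false
    health:
      show-details: never   # avoid leaking backend hostnames or DSNs
  server:
    port: 8081              # assumed separate management port
    address: 127.0.0.1      # loopback only; scrape via local agent/SSH
```

Even with the hardened settings, put Spring Security in front of the remaining endpoints (for example, `requestMatchers(EndpointRequest.toAnyEndpoint()).hasRole("ACTUATOR")`) and alert on any external request path containing `/actuator/heapdump`.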
Wasabi Protocol has not yet finalized a compensation plan for affected users but emphasized that compensating all impacted users is a top priority. The team plans to provide updates on the investigation's progress through their Discord community.