Wasabi Protocol Hit by AWS Misconfiguration Exploit, Losses Total $5.7M

Wasabi Protocol said in a security incident update that attackers exploited a configuration flaw involving Spring Boot Actuator on its AWS infrastructure, gaining access to private keys used to control its EVM smart contracts. The breach led to the theft of about $4.8 million in user funds and roughly $900,000 from the protocol's treasury, for an estimated total loss of $5.7 million. According to the team, the attack started from a publicly accessible server where an Actuator heap dump endpoint lacked password protection. The attackers used data from the heap dump to retrieve credentials for another server and ultimately took control of smart contract private keys. The incident was limited to EVM deployments, affecting certain treasuries on Ethereum, Base, Blast, and Berachain. Wasabi said its Solana deployments and Prop AMM were not impacted. The protocol has not confirmed a user compensation plan and said it will share ongoing investigation updates via Discord.
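
The heap dump exposure described above is the kind of setting a configuration review can catch. The following added example (not from Wasabi or the original article) checks a Spring Boot `application.properties` file for a heapdump endpoint that is reachable over HTTP. The sample configs are constructed and the function names are hypothetical. It covers the properties format only, and whether the endpoint also requires authentication has to be checked separately in the application's security configuration.

```python
import re

# Constructed samples; the article does not publish Wasabi's actual settings.
EXPOSED = "management.endpoints.web.exposure.include=*\n"
HARDENED = """\
# expose only what monitoring needs, and turn the heap dump endpoint off
management.endpoints.web.exposure.include=health,info
management.endpoint.heapdump.enabled=false
"""

# key=value or key: value; lines starting with # or ! are comments
LINE = re.compile(r"^\s*([^=:\s#!][^=:\s]*)\s*[=:]\s*(.*?)\s*$")


def parse_properties(text):
    """Parse simple single-line properties entries into a dict."""
    props = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            props[m.group(1)] = m.group(2)
    return props


def id_set(props, key, default=""):
    """Split a comma-separated endpoint id list into a lowercase set."""
    return {v.strip().lower() for v in props.get(key, default).split(",") if v.strip()}


def heapdump_web_exposed(text):
    """True if the config leaves the heapdump endpoint reachable over HTTP."""
    p = parse_properties(text)
    include = id_set(p, "management.endpoints.web.exposure.include", "health")
    exclude = id_set(p, "management.endpoints.web.exposure.exclude")
    # Spring Boot gives exclude precedence over include.
    exposed = bool({"*", "heapdump"} & include) and not ({"*", "heapdump"} & exclude)
    # Assumption: the endpoint counts as enabled unless explicitly switched off.
    off = (p.get("management.endpoint.heapdump.enabled", "true").lower() == "false"
           or p.get("management.endpoint.heapdump.access", "").lower() == "none")
    return exposed and not off


if __name__ == "__main__":
    for name, cfg in (("EXPOSED", EXPOSED), ("HARDENED", HARDENED)):
        print(name, "heapdump reachable over HTTP:", heapdump_web_exposed(cfg))
```

A `True` result means the endpoint should be removed from the exposure list or disabled, since a heap dump contains whatever secrets the JVM held in memory at the time.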