Wasabi Protocol Says AWS Misconfiguration Led to $5.7M Loss
Wasabi Protocol disclosed a security incident in which attackers exploited a Spring Boot Actuator configuration weakness within its AWS environment and stole private keys used to control EVM smart contracts. The breach resulted in the loss of about $4.8 million in user funds and $900,000 from the protocol treasury, totaling roughly $5.7 million.
According to the project's update, the intrusion started from a publicly accessible analytics server. An Actuator heap dump on that machine was not properly password-protected, allowing attackers to retrieve credentials for another server and ultimately obtain control of the smart contract private keys.
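The configuration weakness described above can be checked for in a Spring Boot properties file. The following is an added example, not code from Wasabi's update: it uses Spring Boot's standard Actuator property names, both sample configurations are constructed, and it does not evaluate Spring Security rules, so a clean result only means the endpoint is not exposed or is switched off at the Actuator level.

```python
# Added example: flag Spring Boot properties that leave /actuator/heapdump reachable.
# Both samples are constructed for illustration; neither is Wasabi's configuration.
SAMPLE_WEAK = """\
management.endpoints.web.exposure.include=*
management.server.address=0.0.0.0
"""
SAMPLE_HARDENED = """\
management.endpoints.web.exposure.include=health,info
management.endpoint.heapdump.enabled=false
management.server.address=127.0.0.1
"""
LOOPBACK = {"127.0.0.1", "localhost", "::1"}

def parse_properties(text):
    """Parse key=value / key:value lines, skipping blanks and # or ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        sep = "=" if "=" in line else ":"
        key, _, value = line.partition(sep)
        props[key.strip()] = value.strip()
    return props

def csv(value):
    return {item.strip() for item in value.split(",") if item.strip()}

def audit_heapdump(text):
    """Return findings for a heap dump endpoint that is exposed over HTTP."""
    p = parse_properties(text)
    include = csv(p.get("management.endpoints.web.exposure.include", "health"))
    exclude = csv(p.get("management.endpoints.web.exposure.exclude", ""))
    exposed = bool({"*", "heapdump"} & include) and not ({"*", "heapdump"} & exclude)
    # 'enabled' is the older switch; 'access' is the newer per-endpoint control.
    off = (p.get("management.endpoint.heapdump.enabled", "").lower() == "false"
           or p.get("management.endpoint.heapdump.access", "").lower() == "none")
    findings = []
    if exposed and not off:
        findings.append("heapdump endpoint is exposed over HTTP")
        # An unset address is reported too: Actuator then shares the main listener.
        if p.get("management.server.address", "") not in LOOPBACK:
            findings.append("management.server.address is not a loopback address")
    return findings

if __name__ == "__main__":
    for name, sample in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(name, audit_heapdump(sample) or "no findings")
```

A heap dump contains whatever the JVM held in memory at the time, which is why an exposed endpoint can hand over credentials as it did here.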
The impact was limited to EVM deployments, including certain treasuries on Ethereum, Base, Blast, and Berachain. Solana deployments and Prop AMM were not affected.
The team has not yet announced a final user compensation plan, but said making all affected users whole remains its top priority. Additional investigation updates will be posted in the project's Discord community.