Skip to content
- Berachain warns users to withdraw funds and revoke approvals after Wasabi exploit.
- Admin key breach enabled attacker to drain $5M across multiple blockchain networks.
- Vaults were halted on Berachain; BGT rewards are safe as teams track attacker funds.
The Berachain Foundation issued an urgent alert after a security breach hit Wasabi Protocol across multiple chains. The foundation warned users to withdraw funds immediately and revoke approvals. The move followed a coordinated exploit that exposed assets and disrupted integrated vault systems.
The Berachain Foundation confirmed that Wasabi deployments linked to Berachain were affected. It asked users to act quickly and exit positions. The team also shared contract tags for approval revocation to reduce further exposure.
The foundation estimated that about $50,000 tied to Berachain users remains at risk. It advised users to use revoke.cash to remove permissions. At the same time, Wasabi reward vaults on Berachain were halted to limit additional damage.
Berachain Pauses Vaults After Breach
Further updates linked the breach to a compromised admin key within Wasabi Protocol. The foundation said affected vaults were paused and redlisted. This step ensured no new emissions could enter compromised contracts during the response phase.
Berachain clarified that BGT rewards in its native RewardVaults remain safe. Users can still claim those rewards without interruption. The team also said it is working with Blockaid and ZeroShadow to investigate and track the attacker.
The exploit occurred early Thursday and disseminated through various networks. These were Ethereum, Base, Berachain, and Blast. The assault affected several vaults and liquidity pools that were connected with the protocol.
Security company PeckShield raised flags about the incident shortly after it started. The activity detected by another company, Hypernative, at 07:48 UTC. It reported that the exploit is due to a deployer key breach and took approximately two hours.
Also Read: Syndicate Bridge Hack Sparks Panic as $330K Exploit Sends SYND Crashing
The investigators discovered that the attacker had gotten access via a hacked externally owned account. This access facilitated the entire administrative action on core contracts. Then, malicious contracts were deployed to divert collateral and empty funds.
TVL Declines After Multi-Chain Exploit
According to Blockaid, key vault systems and long-pool systems were upgraded during the breach. Such modifications allowed the attacker to steal assets in a short time. Then, money is transformed into ETH and put in several wallets.
Part of the stolen funds were sent to Tornado Cash to hide the tracks of transactions. The largest single loss reached about 840 ETH, valued near $1.9 million. Other assets that were impacted were USDC and some memecoins.
Prior to the exploit, Wasabi Protocol contained about $8.5 million of total value locked. According to DeFiLlama data, that number has now decreased to $7.98 million. The fall is an indicator of losses incurred in the attack.
The preliminary results show that the problem is not related to the insecure smart contract code. Rather, it is caused by compromised access to administration. After exposing the key, the attacker assumed complete control and carried out the exploit.
Also Read: HK Sounds Alarm As Fake Stablecoins Impersonate HSBC And Anchorpoint
