Wasabi Protocol Hack Drains $4.55M, Highlights UUPS Admin-Key Risk

The Wasabi Protocol hack drained about $4.55M, underscoring how DeFi security can fail fast when admin controls are compromised. Attackers allegedly stole the private key behind the EOA “wasabideployer.eth” and used the permission system to transfer the single ADMIN_ROLE to themselves. Blockaid says the exploit used UUPS’s upgrade flow (grantRole), then replaced perp vault and Long Pool implementations with malicious code. Funds were quickly pulled from: - Ethereum vaults: wWETH, sUSDC, wBITCOIN, wPEPE - Base vaults: sUSDC, wWETH, sBTC, sVIRTUAL, sAERO, sBRETT User guidance: revoke LP token approvals immediately. The incident also reinforces the Wasabi Protocol hack theme that UUPS flexibility can worsen outcomes under admin abuse. New context from the later report: it draws a parallel to the earlier DRIFT Protocol loss (~$285M), and adds that DRIFT was later delisted from Upbit and Bithumb citing “loss of trust”. ETH is trading around ~$2.3k with neutral RSI, but ongoing DeFi hacks may still push crypto risk premiums and short-term futures volatility. For traders, this increases the importance of monitoring DeFi governance/admin-key risk and tightening exposure to vaults with upgradeable permissions.
Bearish
This news is not about spot ETH flow, but it can raise perceived smart-contract and admin-key risk across DeFi venues that use ETH as settlement. The Wasabi Protocol hack and similar governance-key exploits typically lead traders to demand a higher risk premium, increasing short-term volatility in derivatives. The later report’s detail that DRIFT was delisted for “loss of trust” reinforces a risk-off narrative, which can further pressure ETH sentiment even if ETH technicals (neutral RSI) look steady.