Skip to main content
Sign in
Wasabi Protocol1 decision on this page

Audit log

Every state-changing event for Wasabi Protocol: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

  1. #1publishby system:backfill
    2026-05-19 00:20:43Z
    Score: ?? (no score change)
    anchoranchored
    chain
    mainnet-betaslot 420,660,369
    sig
    5wrNnqrSQohp…iVbEp8Pfexplorer ↗
    hash
    Hyf9K5PMUVUV…WCuERJ6msha256 → base58
    verifying row…full verify ↗
    canonical bytes (3468 B) ▸
    {"actor":"system:backfill","investigation_id":"1cca8f4f-3a82-4091-9f74-de60c8021c13","kind":"publish","page_slug":"wasabi","published_at":"2026-05-19T00:20:43.834Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Wasabi Protocol","sections":[{"content":"","heading":"","severity":"medium","sources":[]},{"content":"","heading":"","severity":"medium","sources":[]},{"content":"","heading":"","severity":"medium","sources":[]},{"content":"","heading":"","severity":"medium","sources":[]},{"content":"","heading":"","severity":"medium","sources":[]},{"content":"","heading":"","severity":"medium","sources":[]}],"sources_used":[],"summary":"Wasabi Protocol is a decentralized perpetual futures and leveraged trading platform for memecoins and long-tail assets, deployed on Ethereum, Base, Berachain, and Blast. On April 30, 2026, the protocol suffered a critical multi-chain exploit in which a compromised admin deployer key was used to execute malicious UUPS proxy upgrades across core contracts, draining over $5 million in user funds. Security firm BlockSec reported that the attacker's wallets had been funded via Tornado Cash, and on-chain investigator ZachXBT publicly criticized the protocol for single-EOA admin control, absence of a timelock or multisig, and alleged misappropriation of project funds on influencer marketing.","timeline":[{"date":"2024-06-18","event":"Wasabi Protocol raises $3 million seed round led by Electric Capital, with participation from Alliance, Memeland, and several prominent crypto investors and influencers.","source":"","source_url":"https://www.theblock.co/post/300465/memecoin-leverage-trading-protocol-wasabi-funding"},{"date":"2026-04-30","event":"Wasabi Protocol suffers a multi-chain admin key compromise exploit. Attacker uses compromised wasabideployer.eth key to grant ADMIN_ROLE to a malicious contract and execute UUPS upgrades on core contracts across Ethereum, Base, Berachain, and Blast, draining over $5 million.","source":"","source_url":"https://www.halborn.com/blog/post/explained-the-wasabi-protocol-hack-april-2026"},{"date":"2026-04-30","event":"BlockSec Phalcon system alerts on $5.15M in abnormal Wasabi Protocol fund movements, reporting that preliminary traces link Tornado Cash-funded accounts to the ADMIN_ROLE grants used in the attack.","source":"","source_url":"https://x.com/Phalcon_xyz/status/2049772035736539516"},{"date":"2026-04-30","event":"CoinDesk reports the exploit as an apparent admin key compromise, estimating $4.5 million drained. The Block puts the figure at over $5 million based on multi-chain totals from security firms.","source":"","source_url":"https://www.coindesk.com/tech/2026/04/30/wasabi-protocol-drained-for-usd4-5-million-in-apparent-admin-key-compromise"},{"date":"2026-04-30","event":"ZachXBT publicly criticizes Wasabi Protocol's single-EOA admin architecture and alleges project funds were spent on influencer marketing (including KOL Kook) rather than security infrastructure.","source":"","source_url":"https://bitcoinworld.co.in/wasabi-hack-zachxbt-criticism/"},{"date":"2026-05-01","event":"Halborn publishes a technical post-mortem confirming root cause as private key security failure and governance design, not exploitable smart contract code. Attacker address 0x02228b0afcdbEdf8180D96Fc181Da3AF5DD1d1ab identified.","source":"","source_url":"https://www.halborn.com/blog/post/explained-the-wasabi-protocol-hack-april-2026"}]},"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision cb10ceef-3946-4703-9296-51ec5c4455e1
How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.