Wasabi Protocol provides update on security incident handling: no final update yet on the user compensation plan
Wasabi Protocol released a security incident update, stating that attackers exploited a configuration vulnerability in the Spring Boot Actuator within its AWS infrastructure to steal the private keys controlling EVM smart contracts, resulting in the theft of approximately $4.8 million in user funds and $900,000 in protocol treasury funds, with total losses amounting to about $5.7 million.
The attack chain began with a public server used for analysis, whose Actuator heap dump was not properly password protected, allowing attackers to obtain credentials for another server and ultimately gain control of the smart contract private keys. This incident only affected EVM deployments, including certain treasuries on Ethereum, Base, Blast, and Berachain, while Solana deployments and Prop AMM were not affected.
There has not yet been a final update on the user compensation plan, but "ensuring all affected users are compensated" remains the team's top priority, and further updates on the investigation will be posted in the Discord community.
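
The first link in the chain described above, an Actuator heap dump reachable without proper protection, can be caught by reviewing a service's Actuator settings. The following is an added example, not code from Wasabi Protocol or from the original report: a small auditor for Spring Boot `application.properties` text. The sample configurations are constructed, and the check assumes the heapdump endpoint is enabled unless it is explicitly turned off. Whether requests to the endpoint require authentication is decided in the application's security configuration and is not visible to this check.

```python
# Added example: flags Spring Boot Actuator settings that leave /actuator/heapdump
# reachable over HTTP. Both sample configurations below are constructed.

def parse_properties(text):
    """Parse simple key=value .properties lines (no continuations or escapes)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def csv_set(value):
    return {item.strip().lower() for item in value.split(",") if item.strip()}

def audit_heapdump(text):
    """Return a list of findings; an empty list means heapdump is not web-exposed."""
    p = parse_properties(text)
    include = csv_set(p.get("management.endpoints.web.exposure.include", "health"))
    exclude = csv_set(p.get("management.endpoints.web.exposure.exclude", ""))
    # Exclusions take precedence over inclusions in Spring Boot.
    exposed = bool(include & {"*", "heapdump"}) and not (exclude & {"*", "heapdump"})
    # Assumption (conservative): heapdump counts as enabled unless explicitly turned off.
    disabled = (p.get("management.endpoint.heapdump.enabled", "true").lower() == "false"
                or p.get("management.endpoint.heapdump.access", "").lower() == "none")
    if not exposed or disabled:
        return []
    findings = ["heapdump endpoint is exposed over HTTP"]
    if p.get("management.server.address", "") not in ("127.0.0.1", "localhost", "::1"):
        findings.append("management endpoints are not bound to loopback")
    return findings

WEAK = """
# constructed sample: wildcard exposure publishes every endpoint, heapdump included
management.endpoints.web.exposure.include=*
"""

HARDENED = """
# constructed sample: explicit allow-list, heapdump off, separate loopback-only port
management.endpoints.web.exposure.include=health,info
management.endpoint.heapdump.enabled=false
management.server.port=9001
management.server.address=127.0.0.1
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_heapdump(cfg) or "ok")
```

A heap dump contains whatever the JVM held in memory when it was taken, so any credentials or keys loaded by a service that was exposed this way should be rotated.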








