Ekubo Protocol suffered losses of approximately $1.4 million in WBTC after attackers exploited an access control vulnerability in router swap contracts on EVM, further extending the chain of recent DeFi security incidents.
Ekubo is an AMM based on the concentrated liquidity model, initially built on Starknet and then expanding to Ethereum and Arbitrum, notable for its "singleton" architecture and modular scaling system.
According to security firm Blockaid, the attack targeted a vulnerability in the "payment callback" section of the v2 extension contracts on EVM. Specifically, the contract took parameters such as payer, token, and quantity from attacker-controlled data, but failed to verify whether the "payer" had actually authorized the transaction.
Taking advantage of this vulnerability, the attackers withdrew funds from wallets that had previously granted access to the affected routers. The group carried out the theft in approximately 85 transactions in quick succession.
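The missing check described above, sketched as an added Solidity example (not Ekubo's code and not part of the original article). All contract, interface and function names are hypothetical, and the core contract is assumed to call back into the router during a swap.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration with hypothetical names; not Ekubo's contracts.
interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

interface ICore { // hypothetical core that calls back into the router mid-swap
    function swap(bytes calldata data) external;
}

contract RouterPaymentCallback {
    address public immutable core;
    address private activePayer; // non-zero only while that payer's own swap is in flight

    constructor(address core_) {
        core = core_;
    }

    // WEAK: payer, token and amount come straight from caller-supplied bytes.
    // Nothing ties `payer` to the caller, so any approval held by the router can be spent.
    function payCallbackUnchecked(bytes calldata data) external {
        (address payer, address token, uint256 amount) =
            abi.decode(data, (address, address, uint256));
        require(IERC20(token).transferFrom(payer, core, amount), "transfer failed");
    }

    // Entry point: the payer is bound to msg.sender for the duration of the swap.
    function swap(address token, uint256 amount) external {
        require(activePayer == address(0), "swap already in flight");
        activePayer = msg.sender;
        ICore(core).swap(abi.encode(msg.sender, token, amount));
        activePayer = address(0);
    }

    // HARDENED: only the core may call back, and the decoded payer must be the
    // account that started the swap in this same transaction.
    function payCallback(bytes calldata data) external {
        require(msg.sender == core, "caller is not core");
        (address payer, address token, uint256 amount) =
            abi.decode(data, (address, address, uint256));
        require(payer != address(0) && payer == activePayer, "payer did not authorize");
        require(IERC20(token).transferFrom(payer, core, amount), "transfer failed");
    }
}
```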
According to on-chain data flagged by monitoring systems such as Cyvers, the primary victim lost approximately 17 WBTC. The stolen funds were then converted to WETH and Dai.
Ekubo quickly issued a warning: “There is currently a security issue on Ekubo’s swap router contract, affecting only EVM chains.” The project emphasized that LPs were not affected. Ekubo’s core implementation on Starknet and overall liquidation were also unaffected.
Ekubo also recommends that users immediately revoke any granted permissions via revoke.cash.
The article "Ekubo exploited, $1.4 million loss Wrapped Bitcoin" first appeared on CoinMoi.






