DeFi News

Ekubo Protocol Exploit Sees $1.4M Drained in 85 Transactions

The protocol confirms swap router breach on EVM chains; security firms warn that "unlimited approvals" allowed attackers to bypass authorization via callback flaws.

Written By:
Kenrodgers Fabian

Reviewed By:
Divya Mistry
Ekubo Protocol Exploit Sees $1.4M Drained in 85 Transactions
A contract flaw in Ekubo Protocol’s swap router contract allowed attackers to drain user-approved tokens, highlighting a major security risk in DeFi.
The exploit was traced to a weak function that failed to properly confirm authorization for payments, enabling hackers to trigger transfers without owners’ consent.
The breach exploited a long-standing issue with token permissions, where a single approval can expose large amounts over time if not revoked, as seen in the loss of 17 WBTC from one user’s wallet.

Fresh concerns have hit the decentralized finance (DeFi) space after an exploit hit Ekubo Protocol, putting user funds at risk. The attackers used a contract flaw to drain approved tokens. Early estimates place losses at about $1.4 million across Ethereum and Arbitrum, prompting urgent warnings for users to act.

Ekubo confirmed the breach, saying it affected its swap router contract on EVM chains. However, the team added that liquidity providers and Starknet users were not impacted. It urged users to revoke all active approvals immediately, as the incident again exposes how token permissions can become a major security risk in DeFi.

Exploit traced to approval and callback weakness

Security researchers quickly traced the exploit to a flaw in Ekubo’s contract design. In a Series of posts on X, blockchain security firm Blockaid said attackers targeted a custom extension contract on Ethereum. The issue centered on a weak function that failed to properly confirm who should authorize payments.

As a result, attackers could feed in their own data and trigger transfers from users who had already granted token approvals. In other words, the system trusted outside inputs without enough checks. That gap allowed hackers to move funds without the owners’ consent.

Further analysis from SlowMist Founder Cos showed how the attack played out in practice. One user had given unlimited WBTC approval months earlier. The attacker then ran 85 small transactions, each taking 0.2 WBTC. In total, the wallet lost 17 WBTC, showing how a single approval can expose large amounts over time.

Users urged to revoke approvals 

Revoke.cash warned that users remain exposed until they revoke token approvals. Ekubo, meanwhile, urged users to stay alert and avoid suspicious links as the investigation continues.

This is just an example of a much bigger problem that exists within the industry. April 2026 has already become the most unfortunate month for crypto hacks, with the number of losses around $630 million due to more than 25 attacks.

The hacking at Ekubo has once again brought up the issue of permissions in DeFi, which are known to be very risky if not handled properly. As attacks become more advanced, managing approvals remains one of the weakest points in DeFi security.

Also Read: $41.5 Million Frozen: Inside the Takedown of the DSJ Exchange Ponzi Scheme

Disclaimer: The information researched and reported by The Crypto Times is for informational purposes only and is not a substitute for professional financial advice. Investing in crypto assets involves significant risk due to market volatility. Always Do Your Own Research (DYOR) and consult with a qualified Financial Advisor before making any investment decisions.
Google News Banner
TAGGED:
Share This Article
Fabian is Crypto Journalist at The Crypto Times
By Kenrodgers Fabian
Follow:
Kenrodgers Fabian is a Content Writer with over 3 years of experience in crypto news, data analysis, and IT. With a degree in Health Records and Information Technology, he brings a structured and analytical approach to digital reporting. Kenrodgers focuses on delivering accurate, informative content that helps readers stay updated on the latest trends in crypto and emerging technologies.
Divya Mistry - Content Editor at The Crypto Times
By Divya Mistry
Follow:
Divya Mistry is a Sr. Content Editor with over 9 years of experience in news, PR, marketing, and research. Armed with a Master’s Degree in English Literature from the University of Mumbai, she specializes in crafting and refining long-form content across digital and print platforms. Over the years, Divya has contributed to and shaped content for leading brands across a range of industries, including real estate, healthcare, vertical transport, entertainment, lifestyle, education, EdTech, tech, and finance. Her research work has been featured on platforms like DNA India, Forbes, and Elevator World India. She now brings her editorial and research skills to explore the rapidly evolving world of cryptocurrency.

Latest News

Weekly Wrap $122M Liquidated After FOMC Holds Rates, Morgan Stanley Enters ETH ETF Race
Weekly Wrap: $122M Liquidated After FOMC Holds Rates, Morgan Stanley Enters ETH ETF Race
Humanity Protocol Hackers Move Stolen Funds to KuCoin Wallets
Humanity Protocol Hackers Move Stolen Funds to KuCoin Wallets
Small Banks Feel Sidelined in Trump’s Pro-Crypto Agenda
Small Banks Feel Sidelined in Trump’s Pro-Crypto Agenda
Steam Workshop Attack Installs Crypto Miners on Gamers’ PCs: Kaspersky
Steam Workshop Attack Installs Crypto Miners on Gamers’ PCs: Kaspersky
Inside the High-Stakes Corporate War Over the GENIUS Act
Inside the High-Stakes Corporate War Over the GENIUS Act

Find Us on Socials

You may also like