Ekubo DEX users lost $1.4M WBTC yesterday after attackers exploited a flaw in its EVM swap router, highlighting the ever-present risk of stale token approvals.
What’s the Scoop?
-
Approval Exploit: Attackers drained ~$1.4M in wrapped bitcoin (WBTC) from Ekubo users’ wallets by exploiting a flaw in its EVM swap router contracts. The malicious actors executed approximately 85 draining transactions in quick succession before laundering ill-gained proceeds through Tornado Cash. One single victim lost 17 WBTC, comprising the bulk of the losses.
-
Core Systems Safe: The exploit was isolated to Ekubo’s router contracts and did not impact Starknet contracts, leaving the exchange’s liquidity providers and primary deployment unaffected. Ekubo has advised the revocation all outstanding approvals (particularly for Ethereum V2/V3 and Arbitrum V3 users) and is working toward the publication of an attack post mortem.
What’s the Take?
The Ekubo hack adds another data point highlighting the prevalence of onchain risk. As my colleague William Peaster wrote last week, revoking stale token approvals (especially of the unlimited variety) is one of the best and easiest ways to protect yourself from exploits.