Ekubo DEX users lost $1.4M in WBTC yesterday after attackers exploited a flaw in its EVM swap router, highlighting the ever-present risk of stale token approvals.
What's the Scoop?
- Approval Exploit: Attackers drained ~$1.4M in wrapped bitcoin (WBTC) from Ekubo users' wallets by exploiting a flaw in its EVM swap router contracts. The malicious actors executed approximately 85 draining transactions in quick succession before laundering the ill-gotten proceeds through Tornado Cash. A single victim lost 17 WBTC, comprising the bulk of the losses.
- Core Systems Safe: The exploit was isolated to Ekubo's router contracts and did not impact Starknet contracts, leaving the exchange's liquidity providers and primary deployment unaffected. Ekubo has advised revoking all outstanding approvals (particularly for Ethereum V2/V3 and Arbitrum V3 users) and is working toward publishing an attack post mortem.
What's the Take?
The Ekubo hack adds another data point highlighting the prevalence of onchain risk. As my colleague William Peaster wrote last week, revoking stale token approvals (especially of the unlimited variety) is one of the best and easiest ways to protect yourself from exploits.
There is an active security incident on Ekubo swap router contract on EVM chains only. Liquidity providers are not affected. Starknet is not affected.
We are investigating the scope of the issue, but to be safe revoke all outstanding approvals: https://t.co/9vHDLVjQWP
— Ekubo (@EkuboProtocol) May 5, 2026