Back

Ekubo Reports Security Incident in EVM Swap Router Contracts

SlowMist founder Yu Xian said the exploit abused prior token approvals and Ekubo Core withdraw/pay flows, with one user losing 17 WBTC through 85 repeated executions against affected contracts.

ETH
WBTC
CORE

Fact Check
All three sources corroborate the core claim. The Odaily newsflash directly cites Yu Xian's (@evilcos, SlowMist founder) X post and confirms every specific detail: prior token approvals were abused, the Ekubo Core withdraw/pay flow was exploited, and one user lost exactly 17 WBTC through 85 repeated executions (85 x 0.2 WBTC). The Blockaid analysis in the second PANews article independently confirms the same attack mechanism involving the IPayer.pay callback and Core lock routing. Ekubo Protocol's own official announcement (third source) confirms the EVM swap router security incident. The minor uncertainty (0.05 false probability) reflects that the primary X posts from Yu Xian and Ekubo were not fetched directly, but the citing news sources are credible and internally consistent.
    Reference123
Summary

Ekubo’s previously disclosed Ethereum security incident has new technical detail from SlowMist founder Yu Xian, who said an Ekubo-related contract was maliciously exploited and user 0x765DEC lost 17 WBTC. According to Yu Xian, the attacker executed the exploit 85 times at 0.2 WBTC each by abusing prior token approvals and Ekubo Core withdraw/pay flows. This adds to Ekubo’s earlier statement that about $1.4 million was taken through exploitation of a custom extension contract on Ethereum, with user risk limited to wallets that had approved the affected contract. Users were urged to review and revoke approvals for the listed V2 and V3 contracts.

Terms & Concepts
  • token approvals: Permissions that let a smart contract spend tokens from a user’s wallet; if abused, approved contracts can move funds without a new transfer authorization.
  • WBTC: Wrapped Bitcoin, a tokenized version of Bitcoin used on Ethereum and other smart contract networks.
  • Ekubo Core withdraw/pay flows: Contract withdrawal and payment logic in Ekubo’s core system that, according to Yu Xian, was abused during the exploit.