Ekubo Protocol Exploit: What Happened and How to Protect Funds

Ekubo Protocol Exploit Drains $1.4M, Users Must Revoke Approvals Now

A recent Ekubo Protocol exploit has shaken the crypto community today. Hackers targeted the platform's swap router contracts on two major networks: Ethereum and Arbitrum. This Ekubo hack resulted in the loss of about $1.4 million, mostly in Wrapped Bitcoin (WBTC).

Source: Official Announcement 

If you have used the protocol on these networks, you need to act fast. While the core protocol on Starknet is safe, users on EVM chains must protect their wallets immediately. Here is the latest update on what happened and what you should do next.

Ekubo-Protocol $1.4 Million Hack: Who Is at Risk

The Ekubo Protocol exploit happened because of a simple but costly mistake in the code. A "missing payer validation" error allowed an attacker to pull funds from users who had previously approved the swap router. In total, the hack resulted in roughly 17 WBTC ($81,170)  tokens theft across 85 fast transactions.

The good news is that the Ekubo-swap router hack did not affect everyone. If you only provide liquidity or use Ekubo on Starknet, your funds are secure. This DeFi hack 2026 only hit users who gave "unlimited approvals" to specific router contracts on Ethereum and Arbitrum.

Key Facts:

• Total Loss: Approximately $1.4 million.

• Main Asset Taken: Wrapped Bitcoin (WBTC).

• Affected Chains: Ethereum and Arbitrum.

• Safe Areas: Starknet, Liquidity Providers (LPs), and core AMM contracts.

How to Revoke Approvals and Secure Your Crypto Wallet

To stay safe, you must check your affected addresses. The team strongly suggests that users visit revoke.cash to cancel any active permissions. This stops the hacker from using your previous approvals to move your money.

Revoke approvals for these specific addresses:

• Ethereum:

• 0x8ccb1ffd5c2aa6bd926473425dea4c8c15de60fd (V2)

• 0x4f168f17923435c999f5c8565acab52c2218edf2 (V3)

• Arbitrum:

• 0xc93©4ad185ca48d66fefe80f906a67ef859fc47d (V3)

Wondering if the protocol safe now or not? The main Starknet DEX remains fully operational. However, this Ekubo Protocol exploit news serves as a reminder to never leave unlimited token approvals open. Always revoke permissions after you finish a swap to avoid risks from a crypto hack today.

Source: X Official Account 

Currently, there is no news regarding Ekubo compensation for the affected users. The team is writing a post-mortem report to explain the bug in detail. Be careful of scammers sending fake links about refunds, follow the official accounts for updates.

Disclaimer: The article is for informational purposes only and does not constitute financial or investment advice. Cryptocurrency investments are highly volatile and risky, always do your own research before making any financial decisions.