Cos(余弦)😶🌫️|May 06, 2026 01:17
Ekubo's contract was maliciously exploited:
https://((etherscan.io))/tx/0x770bc9a1f7c32cb63a5002b9ceb5c7994cd3af0fc6b2309cb32d3c46f629daa0
The reason is that if the user has previously authorized the relevant tokens to:
0x8CCB1ffD5C2aa6Bd926473425Dea4c8c15DE60fd
For this WBTC unlimited authorization from user 0x765DEC (158 days ago):
https://((etherscan.io))/tx/0x1766a4cbc76ec483c7535d0948b420d1e5bf57f9b91ebc25b2a53e195b5dc2a0
Attackers can specify authorized users as payers and make the contract call in paycallbacks WBTC transferFrom(victim, Ekubo Core, amount), Then transfer the assets to the attacker through the withdrawal/pay balancing process of Ekubo Core (0xe0e0e08A6A4b9Dc7bD67BB7aadE5CF48157d444).
This operation was performed 85 times, with 0.2 WBTC each time, and the end user 0x765DEC lost 17 WBTC.
There may be inaccuracies in the analysis, mainly due to incomplete understanding of the mechanism related to the contract 0x8CB1ffD5C2aa6Bd926473425Dea4c8c15DE60fd related to Ekubo. Please feel free to correct.
@SlowMist_Team @TycheKong @im23pds
Share To
Timeline
HotFlash
APP
X
Telegram
CopyLink