Ekubo Protocol extension contract attacked, resulting in a loss of approximately $1.4 million

According to Blockaid monitoring, Ekubo Protocol's extension contract on Ethereum was attacked, resulting in a loss of approximately $1.4 million. The attack originated from the unverified payer identity in the IPlayer. pay callback function of the contract. The attacker exploited the user's ERC-20 authorization for the contract and stole assets through Core routing. There is a risk in authorizing the users of this V2 contract, and Ekubo users themselves are not affected.