DeFi Protocol Ekubo Hit by $1.4 Million Wrapped Bitcoin Attack

Approval-based flaws continue driving DeFi exploits as 2026 losses climb beyond $750 million worldwide.

Fresh security failures continue to pressure decentralized finance platforms in 2026. Rising attack frequency has pushed protocol teams to tighten audits and review contract permissions more aggressively. Ekubo Protocol became the latest target after attackers exploited a flaw in its EVM infrastructure related to token approval handling. The incident adds to a growing list of exploits that have already drained hundreds of millions from DeFi platforms this year.

Blockaid Identifies Access-Control Weakness Behind Ekubo Attack

Ekubo Protocol lost roughly $1.4 million in wrapped bitcoin after attackers exploited an access-control vulnerability in its EVM-based swap router contracts. Blockchain security firm Blockaid said the exploit targeted a vulnerable payment callback mechanism in Ekubo’s v2 EVM extension contracts.

Ekubo operates as a concentrated liquidity AMM, first launched on Starknet and later expanding to Ethereum and Arbitrum. The platform is known for its singleton architecture and modular extension design.

According to Blockaid, attackers manipulated the payload data, including the payer, token, and amount parameters. Contracts reportedly failed to verify whether the payer had approved the transaction before execution. That weakness allowed attackers to drain wallets that had previously granted token approvals to the affected router contracts.

Security researchers said attackers carried out the theft through nearly 85 rapid transactions. On-chain monitoring platforms, including Cyvers, tracked the stolen funds after roughly 17 WBTC were removed from a primary victim wallet. Assets were later swapped into WETH and DAI.

DeFi Losses Top $750M Following Recent Exploit

Ekubo warned users shortly after discovering the breach. Team members confirmed that the exploit affected only EVM swap router contracts, while liquidity providers remained unaffected. Developers also stated that the protocol’s main Starknet deployment continued to operate normally.

Users were urged to revoke outstanding token approvals immediately through revoke.cash to reduce further exposure. Ekubo also noted that the affected EVM contracts are immutable by design, leaving redeployment as the only available fix for the compromised router system.

The attack reflects a wider pattern seen across decentralized finance this year. Approval-based vulnerabilities and permission flaws have repeatedly surfaced in modular DeFi protocols, especially those handling cross-chain or extension-based infrastructure.

DeFi-related losses had already surpassed $750 million before the Ekubo exploit, according to earlier reporting from The Block. April alone recorded roughly $620 million in stolen funds across nearly 30 separate incidents.

Large breaches involving Drift Protocol and Kelp DAO accounted for the majority of the month’s losses. Smaller attacks against Wasabi Protocol and Volo Protocol also added to the pressure on an already difficult year for DeFi security.

The post DeFi Protocol Ekubo Hit by $1.4 Million Wrapped Bitcoin Attack appeared first on Live Bitcoin News.