BlockBeats News, May 6th, the Starknet ecosystem DEX protocol Ekubo issued a security alert, pointing out a security vulnerability in its EVM chain's transaction routing contract. Liquidity providers and users on Starknet are not affected. The impact is currently under investigation. All users are advised to immediately revoke relevant contract authorizations.

In addition, the founder of SlowMist, Cai Yunge, stated that the Ekubo attacker, through the payCallback mechanism, designated users who had previously granted unlimited token approval to the contract as the payer. This allowed them to call the transferFrom function of WBTC to move the victim's assets. The attacker executed a total of 85 operations, each involving 0.2 WBTC. User 0x765DEC suffered a cumulative loss of 17 WBTC.