Ekubo Expansion Contract Hit with $1.4 Million Heist on Ethereum

A recent security breach has affected Ekubo Protocol's expansion contract on the Ethereum blockchain. According to reports, an attacker targeted the IPayer.pay callback function, which failed to verify the identity of the payer. This vulnerability allowed the attacker to steal assets via the Core router by exploiting users' ERC-20 approvals.

The attack resulted in losses of approximately $1.4 million, primarily affecting users who have authorized this V2 contract. Fortunately, Ekubo Protocol's main users are not impacted by this incident. It is essential for affected users to take necessary precautions to secure their assets and review their authorization settings.