Ekubo Protocol v2 Custom Extension Contract Hit by Ongoing Exploit; Losses Total $1.4M
ChainCatcher reports that security firm Blockaid (@blockaid_) has flagged an ongoing attack targeting a v2 custom extension contract of Ekubo Protocol on Ethereum, with losses estimated at about $1.4 million.
Blockaid said the issue stems from the extension's IPayer.pay callback, which does not properly validate where its parameters come from. As a result, attackers can set the payer, token, and amount values and trigger arbitrary transfers of tokens that have been approved.
The core Ekubo protocol is not affected. Risk is concentrated among users who previously approved this v2 contract as a token spender. Blockaid urges impacted users to revoke those approvals immediately.
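The unvalidated callback and the effect of revoking approvals, as a simplified Python model added here; it is not Ekubo's or Blockaid's code. The class names, the `start_payment` entry point, the `caller` argument and the account labels are assumptions, since the page does not show the real `IPayer.pay` signature.

```python
# Simplified model with assumed names; not Ekubo's contract code.
class Token:
    """Minimal ERC-20 ledger: balances plus (owner, spender) allowances."""
    def __init__(self, balances):
        self.balances = dict(balances)
        self.allowance = {}

    def approve(self, owner, spender, amount):
        self.allowance[(owner, spender)] = amount

    def transfer_from(self, spender, owner, to, amount):
        allowed = self.allowance.get((owner, spender), 0)
        if allowed < amount or self.balances.get(owner, 0) < amount:
            raise PermissionError("insufficient allowance or balance")
        self.allowance[(owner, spender)] = allowed - amount
        self.balances[owner] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount

class Extension:
    """Approved spender; pay() pulls tokens from `payer` to the core."""
    ADDRESS, CORE = "extension", "core"

    def __init__(self, validate):
        self.validate = validate
        self.pending = None  # payment recorded by the extension itself

    def start_payment(self, caller, token, amount):
        # Hypothetical user entry point: the payer is bound to the real caller.
        self.pending = (caller, token, amount)

    def pay(self, caller, payer, token, amount):
        if self.validate:
            # Hardened: accept the callback only from the core, and only with
            # the values recorded for the in-flight operation.
            if caller != self.CORE or self.pending != (payer, token, amount):
                raise PermissionError("pay: unexpected caller or parameters")
            self.pending = None
        # Without validation, payer/token/amount are whatever the caller sent.
        token.transfer_from(self.ADDRESS, payer, self.CORE, amount)

def untrusted_call_moves_funds(validate, revoked=False):
    """True if pay() from an unrelated account moves the user's tokens."""
    token = Token({"user": 100})  # constructed sample state
    token.approve("user", Extension.ADDRESS, 0 if revoked else 100)
    try:
        Extension(validate).pay("stranger", "user", token, 100)
    except PermissionError:
        pass
    return token.balances["user"] != 100
```

In this model a zero allowance blocks the transfer even when the callback performs no validation, which is why revocation protects users before any contract fix exists.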