The decentralized exchange infrastructure provider Ekubo has reported a security incident involving its Swap router contracts on several Ethereum Virtual Machine (EVM) compatible networks. According to an official statement released on May 6, 2026, the vulnerability affects the protocol's routing mechanisms, and the team has issued an urgent advisory for users to safeguard their assets. While the investigation into the total exploit volume is ongoing, the project has confirmed that its primary operations on Starknet remain secure and unaffected by this breach.
Scope of the Vulnerability and Affected Networks
The security flaw has been identified within the smart contract architecture used for executing token swaps across multiple chains. Current data indicates that the incident is localized to the Ethereum and Arbitrum ecosystems. Specifically, the following contract versions have been flagged as high-risk:
- Ethereum: V2 and V3 router contract addresses.
- Arbitrum: V3 router contract addresses.
Liquidity providers (LPs) on these platforms are reportedly unaffected by the current exploit, as the vulnerability resides in the swap routing logic rather than the liquidity pools themselves. The Ekubo team has emphasized that the protocol's core deployment on the Starknet layer-2 network continues to function normally, as it utilizes a different codebase and execution environment.
Urgent Mitigation Steps for Protocol Users
To prevent potential loss of funds, Ekubo developers are advising all users who have interacted with the protocol on Ethereum or Arbitrum to immediately revoke all authorizations and permissions granted to the compromised addresses. This can be done through various blockchain security tools such as Revoke.cash or Etherscan's token approval checker. By revoking these permissions, users can block the router's ability to move tokens from their wallets.
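The revocation step above can also be checked by hand. The following is an added example, not code from Ekubo or from the tools named above: it scans ERC-20 Approval logs for allowances a wallet still has open to flagged spenders and builds the `approve(spender, 0)` calldata that revokes them. All addresses are placeholders and the sample logs are constructed; only the event topic and function selector are the standard ERC-20 values.

```python
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
APPROVE_SELECTOR = "095ea7b3"  # approve(address,uint256)

# Placeholder addresses (assumptions): use the router addresses from the official advisory.
ROUTER, WALLET, TOKEN_A, TOKEN_B, OTHER = ("0x" + b * 20 for b in ("ee", "aa", "11", "22", "bb"))
FLAGGED_ROUTERS = {ROUTER}

def topic_to_address(topic):
    return "0x" + topic[-40:].lower()  # indexed addresses are left-padded to 32 bytes

def outstanding_approvals(logs, wallet, flagged):
    """Return {(token, spender): amount} for nonzero approvals to flagged spenders."""
    latest = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        t = log["topics"]
        if len(t) != 3 or t[0].lower() != APPROVAL_TOPIC:
            continue  # ERC-721 reuses the event signature but has four topics
        owner, spender = topic_to_address(t[1]), topic_to_address(t[2])
        if owner == wallet.lower() and spender in flagged:
            # The last approved amount is an upper bound on the remaining allowance.
            latest[(log["address"].lower(), spender)] = int(log["data"], 16)
    return {k: v for k, v in latest.items() if v > 0}

def revoke_calldata(spender):
    """Calldata for approve(spender, 0), to be sent to the token contract."""
    return "0x" + APPROVE_SELECTOR + spender[2:].lower().rjust(64, "0") + "0" * 64

def _log(token, spender, value, block, nft=False):
    pad = lambda a: "0x" + "0" * 24 + a[2:]
    topics = [APPROVAL_TOPIC, pad(WALLET), pad(spender)]
    if nft:  # ERC-721 shape: tokenId is a fourth topic and data is empty
        topics.append("0x" + f"{value:064x}")
    data = "0x" if nft else "0x" + f"{value:064x}"
    return {"address": token, "topics": topics, "data": data,
            "blockNumber": block, "logIndex": 0}

# Constructed sample logs (eth_getLogs shape, block numbers already decoded to int).
SAMPLE_LOGS = [
    _log(TOKEN_B, ROUTER, 0, 105),            # later revocation closes the 500 approval
    _log(TOKEN_A, ROUTER, 2**256 - 1, 100),   # unlimited approval, still open
    _log(TOKEN_B, ROUTER, 500, 101),
    _log(TOKEN_A, OTHER, 1000, 102),          # spender is not on the flagged list
    _log(TOKEN_A, ROUTER, 7, 103, nft=True),  # ERC-721 approval, ignored here
]

if __name__ == "__main__":
    for (token, spender), amount in outstanding_approvals(SAMPLE_LOGS, WALLET, FLAGGED_ROUTERS).items():
        print(f"token {token}: send {revoke_calldata(spender)}")
```

Because Approval logs record the amount approved rather than the amount remaining, confirm the live value with the token's `allowance(owner, spender)` call before and after revoking.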
The team is currently investigating the full scope of the incident. We advise users to immediately revoke all authorizations for the affected addresses mentioned in our technical updates.
The development team is currently drafting a comprehensive post-mortem report to detail the root cause of the exploit and the subsequent security measures being implemented. Additionally, the project has issued a warning regarding an increase in phishing attempts. Users are urged to remain vigilant and avoid clicking on unofficial links or "compensation" portals claiming to be affiliated with Ekubo, as malicious actors often use security incidents to deploy further drainer attacks.
In conclusion, while the core Starknet infrastructure remains intact, the breach of the EVM Swap router highlights the ongoing challenges of cross-chain security. Users are encouraged to monitor the project's official communication channels for the release of the final post-mortem and updates on contract redeployments. Following standard security protocols, including the timely revocation of smart contract approvals, remains the most effective defense for retail participants during such incidents.