Ekubo Exploit Exposes Cross-Chain Routing Risks in DeFi Infrastructure A recent security incident involving Ekubo, a decentralized exchange on Starknet, highlights vulnerabilities in DeFi’s approval-based structure and cross-chain routing systems. Attackers drained 17 WBTC by exploiting router contracts, converting the funds into $1.36 million worth of ETH before routing them through Tornado Cash. The exploit underscores growing concerns about approval contagion and systemic risks in DeFi infrastructure. Ekubo, a decentralized exchange built on Starknet, recently disclosed a security incident involving swap router contracts across Ethereum and Arbitrum. The incident triggered immediate concerns about wallet approvals and user asset exposure across connected DeFi routes. While the protocol clarified that Starknet infrastructure and liquidity providers remained unaffected, the exploit highlighted deeper vulnerabilities within DeFi’s approval-based structure. Router contracts, which manage token transfers between users and liquidity pools, became a focal point of the attack. Once attackers gained access, approved wallets could lose funds rapidly before users had a chance to react. In response, Ekubo urged users to revoke permissions tied to three affected Ethereum and Arbitrum router addresses.Concurrently, phishing warnings emerged, underscoring the escalating security risks and eroding short-term user confidence in DeFi markets. The exploit unfolded swiftly after attackers executed 85 separate transactions, draining 17 WBTC through repeated 0.2 WBTC transfers. The stolen funds were then funneled into Velora, where they were converted into $404K USDC, $403K DAI, and 239.5 ETH. Shortly after, the assets were consolidated into 577 ETH, valued at nearly $1.36 million, before being routed toward Tornado Cash.This mixer obscured transaction trails, complicating recovery efforts and allowing attackers to move freely across interconnected chains. The incident exposed growing pressures within cross-chain DeFi infrastructure, where router systems enhance liquidity efficiency but also expand attack surfaces and smart contract complexity. Repeated routing exploits may weaken user confidence, reduce short-term liquidity activity, and increase caution around approval-heavy DeFi participation. Ekubo’s $1.4 million exploit underscored how DeFi’s pursuit of capital efficiency continues to clash with persistent infrastructure vulnerabilities.Attackers exploited unlimited ERC-20 approvals granted weeks or months prior by manipulating callback logic within the protocol's extension contract. Although Starknet liquidity pools remained untouched, the exploit reignited concerns about approval contagion across Ethereum and Arbitrum routing layers. Router contracts, which function as shared liquidity infrastructure, make recurring exploit structures more systemic than isolated. DeFiLlama data reveals cumulative DeFi losses exceeding $7.7 billion, with bridge exploits alone approaching $2.9 billion historically.Ekubo’s pre-exploit TVL of approximately $38 million limited broader contagion risks, but repeated router exploits may further erode confidence and accelerate demand for security-focused DeFi infrastructure