NullTrace
EO
HIGH · Ethereum · Missing Access Control · MONITORING

Ekubo.org

Ekubo v2 locker blindly trusts the from address embedded in the locker's packed instruction payload. Its payCallback(token,id,_,amount,from) does a transferFrom with from taken straight from user-supplied calldata.

Loss

$1.38M

Risk

Missing Access Control — AI-flagged

Confidence

88%

AI Generated Breakdown

Reporter Agent synthesis with forensic confidence scoring

Root cause analysis

Type: Missing Access Control. See source analysis for full root-cause breakdown.

Wallet Flow Visualization

[interactive graph: attacker path, bridge transfers, token drains, mixer usage]

Technical Breakdown

Attack vector

Missing Access Control

Vulnerability

Missing Access Control

Affected contracts

https://etherscan.io/tx/0x770bc9a1f7c32cb63a5002b9ceb5c7994cd3af0fc6b2309cb32d3c46f629daa0
https://etherscan.io/address/0x8ccb1ffd5c2aa6bd926473425dea4c8c15de60fd
https://etherscan.io/address/0x765decf4fa157756e850c1079f60801b9219edd1

Mitigation suggestions

Review all admin-configurable parameters before deployment
Add invariant checks and circuit breakers to critical vault functions
Use independent oracle validation with fallback and deviation checks

Exploit Timeline

2026-05-05

Incident detected
