//Ekubo
C+

EkuboMicro-cap

Risk Score 41/100·B-Value
Compare
$25MTVL·$6MFDV·DEXWebsite →

Ekubo is a technically innovative DEX with strong tokenomics (100% circulating supply, fee-funded buybacks) and a clean Starknet track record. However, an authorization bypass in its EVM swap router was exploited for $1.4M on May 6, 2026, and the immutable contracts prevent patching. The singleton architecture and extensions system remain intact on Starknet, but EVM expansion credibility is compromised. Starknet ecosystem revenue headwinds (chain revenue down 99% from peak) add ecosystem risk. Suitable only for Starknet-native users who have revoked all EVM approvals and accept elevated smart contract and ecosystem concentration risk.

Risk Breakdown

Top Risks

1

On May 6, 2026, an authorization bypass in Ekubo's EVM swap router (v2 extension) allowed an attacker to drain $1.4M in WBTC from users who had open token approvals. The EVM contracts are immutable — the vulnerability cannot be patched. Users with existing approvals to the EVM router remain exposed until they revoke.

2

Ekubo's singleton contract architecture consolidates all pool state into a single contract — while gas-efficient, a vulnerability in the singleton could compromise all liquidity pools simultaneously rather than being isolated to individual pools.

3

Built primarily on Starknet (now expanding to EVM), Ekubo inherits L2 risks including sequencer centralization, data availability dependency on Ethereum, and potential Starknet-specific bugs in the Cairo programming language.

Frequently Asked Questions

Is Ekubo safe to use?
Ekubo receives a C+ risk grade (41/100) from Hindenrank, where lower scores indicate lower risk. Ekubo is a technically innovative DEX with strong tokenomics (100% circulating supply, fee-funded buybacks) and a clean Starknet track record. However, an authorization bypass in its EVM swap router was exploited for $1.4M on May 6, 2026, and the immutable contracts prevent patching. The singleton architecture and extensions system remain intact on Starknet, but EVM expansion credibility is compromised. Starknet ecosystem revenue headwinds (chain revenue down 99% from peak) add ecosystem risk. Suitable only for Starknet-native users who have revoked all EVM approvals and accept elevated smart contract and ecosystem concentration risk. Ekubo is the dominant decentralized exchange on Starknet, a layer 2 blockchain built on Ethereum. It uses concentrated liquidity (like Uniswap V3) with a unique architecture where all trading pools share a single smart contract for maximum efficiency and lower gas costs. On May 6, 2026, its EVM swap router was exploited for $1.4M via an authorization bypass — users should revoke any approvals to Ekubo's EVM contracts immediately. The protocol has also expanded to Ethereum mainnet in 2025. Its EKUBO token has 100% of supply already circulating with no future inflation.
What are the main risks of using Ekubo?
The key risks identified for Ekubo are: (1) The EVM swap router was exploited for $1.4M on May 6, 2026 — users with open approvals to Ekubo's EVM contracts should revoke them immediately (2) All trading pools share one smart contract — if that contract has a bug, all pools could be affected at once (3) Primarily built on Starknet, which has a smaller ecosystem than Ethereum L2 competitors like Arbitrum and Base (4) EVM contracts are immutable — the authorization vulnerability in the May 2026 exploit cannot be patched without redeployment
What is Ekubo's risk score breakdown?
Ekubo scores 41/100 across eight risk dimensions: Mechanism Novelty: 6/15, Interaction Severity: 7/20, Oracle Surface: 1/10, Documentation Gaps: 2/10, Track Record: 11/15, Scale Exposure: 3/10, Regulatory Risk: 2/10, Vitality Risk: 9/10. The highest risk area is Vitality Risk at 9/10.
How does Ekubo compare to other DEX protocols?
Among 112 rated DEX protocols on Hindenrank, Ekubo ranks #86 by safety (lowest risk score = safest). Its 41/100 risk score and C+ grade place it among the riskier DEX protocols.
Has Ekubo ever been hacked or exploited?
Ekubo scores 11/15 on the Track Record risk dimension, indicating some history of security incidents or exploits. Higher scores reflect more severe or frequent incidents. Review the full risk report for details.

Incident History

1incident|$1Mtotal losses
Last scanned 2026-05-12

Get risk alerts before it's too late

Weekly grade changes, downgrade alerts, and new protocol risk findings. Free.