TLDR
- KiloEx DEX experienced a $7.5 million exploit due to a price oracle vulnerability
- The team has suspended the platform and is working with security partners to trace stolen funds
- Attackers manipulated ETH/USD price from 100 to 10,000 to extract profits across multiple chains
- Security firms PeckShield and others confirmed losses of $3.3M on Base, $3.1M on opBNB, and $1M on BSC
- KILO token price dropped 27% following the exploit announcement
Decentralized exchange KiloEx has fallen victim to a $7.5 million exploit across multiple blockchains, according to statements released by the platform on April 14. The attack, which targeted the exchange’s price oracle system, has forced the team to suspend all platform operations while they work with security partners to trace and potentially recover the stolen funds.
🚨 Security Incident Announcement: KiloEx Vault Exploit
Dear KiloEx Community,
We regret to inform you that the KiloEx Vault has been exploited. The attacker’s wallet address is:
0x00fac92881556a90fdb19eae9f23640b95b4bcbd
We urge all partner protocols and platforms to…
— KiloEx (@KiloEx_perp) April 14, 2025
The exploit affected multiple blockchains with approximately $3.3 million stolen from Base, $3.1 million from opBNB, and $1 million from the BNB Chain. Security experts have identified the root cause as a price oracle vulnerability, which allowed the attacker to manipulate asset prices.
How the Attack Happened
Cybersecurity firm PeckShield explained that the attacker exploited a flaw in KiloEx’s price oracle system. In one transaction, the hacker created a new position with an initial ETH/USD price of 100, then immediately closed the position with an inflated ETH/USD price of 10,000, earning a profit of $3.12 million in a single transaction.
The @KiloEx_perp protocol was hacked today with a loss of ~7.5m ($3.3m in base, $3.1m in opBNB, $1m in BSC).
The protocol is now paused! Our initial analysis on one exploit tx indicates a price oracle issue. And the hacker exploits it to create a new position with initial given…
— PeckShield Inc. (@peckshield) April 14, 2025
Chaofan Shou, co-founder of blockchain analytics firm Fuzzland, described it as a “very simple vulnerability.” According to Shou, “Anyone can change KiloEx’s price oracle. They did verify that the caller shall be a trusted forwarder, though, but didn’t verify the forwarded caller.”
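A minimal Python model of the check Shou describes, added here as an illustration and not KiloEx's contract code: one price setter verifies only that the immediate caller is the trusted forwarder, while the other also authorizes the forwarded caller. The names (`Oracle`, `keepers`, `set_price_weak`, `set_price_checked`) and the starting price of 2000 are assumptions made for the example.

```python
from dataclasses import dataclass

class Unauthorized(Exception):
    pass

@dataclass(frozen=True)
class Call:
    msg_sender: str        # immediate caller the oracle sees
    forwarded_sender: str  # account whose request the forwarder relayed

def forward(forwarder: str, signer: str) -> Call:
    # A forwarder relays requests for any signer; it is a transport, not an authority.
    return Call(msg_sender=forwarder, forwarded_sender=signer)

@dataclass
class Oracle:
    trusted_forwarder: str
    keepers: frozenset     # accounts allowed to set prices (hypothetical role)
    price: int

    def set_price_weak(self, call: Call, price: int) -> None:
        # Flawed check: only the immediate caller is verified.
        if call.msg_sender != self.trusted_forwarder:
            raise Unauthorized("caller is not the trusted forwarder")
        self.price = price

    def effective_sender(self, call: Call) -> str:
        # Behind the trusted forwarder, the real actor is the forwarded sender.
        if call.msg_sender == self.trusted_forwarder:
            return call.forwarded_sender
        return call.msg_sender

    def set_price_checked(self, call: Call, price: int) -> None:
        # Corrected check: authorize the forwarded caller, not the relay.
        if self.effective_sender(call) not in self.keepers:
            raise Unauthorized("forwarded caller is not a price keeper")
        self.price = price

def attempt(method: str, call: Call, price: int = 100):
    # Constructed scenario: oracle starts at 2000; returns (outcome, resulting price).
    oracle = Oracle("forwarder", frozenset({"keeper"}), price=2000)
    try:
        getattr(oracle, method)(call, price)
        return ("accepted", oracle.price)
    except Unauthorized:
        return ("rejected", oracle.price)

if __name__ == "__main__":
    for method in ("set_price_weak", "set_price_checked"):
        for signer in ("keeper", "stranger"):
            print(method, signer, attempt(method, forward("forwarder", signer)))
```

The weak setter accepts a price from any signer as long as the request arrives through the forwarder; the checked setter rejects it and leaves the price unchanged.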
The attack was first detected by blockchain security platform Cyvers Alerts on April 14 at 7:30 PM UTC. They reported that a wallet funded via Tornado Cash executed several suspicious transactions across Base, Taiko, and BNB Chain.
Response and Recovery Efforts
KiloEx has taken immediate action, suspending all platform operations and launching an investigation. “The team has immediately suspended platform usage and is working with security partners to trace the flow of funds,” the KiloEx team stated on X (formerly Twitter).
The exchange is now collaborating with several security firms including Seal-911, SlowMist, and Sherlock. They’re also working with blockchain networks like BNB Chain and Manta Network in what they described as an effort spanning “multiple ecosystems.”
In their update, KiloEx confirmed that “the stolen assets are currently being routed through zkBridge and Meson.” The team stated they are “urgently attempting to engage with both protocols to halt ongoing transactions and prevent additional losses.”
The platform plans to launch a bounty program and will release a full report detailing how the exploit occurred.
Market Impact
The news had an immediate impact on KiloEx’s native token, KILO. Following the announcement, the token price dropped by over 27%, trading at $0.03596 according to CoinGecko data. This represents a 78% decrease from its all-time high of $0.1648, which was reached on March 27.
The timing of the exploit is especially poor for KiloEx. Just one day before the attack, on April 13, the exchange had announced a new partnership with Dubai-based Web3 venture capital firm DWF Labs, which was intended to expand KiloEx’s market presence and accelerate growth.
KiloEx was established in 2023 as a decentralized perpetuals trading platform. It is backed by Binance Labs as a lead investor and strategic partner, and also by YZi Labs.
This incident adds to the growing list of DeFi exploits in 2025. According to Immunefi’s Q1 2025 report, $1.64 billion was stolen in the first quarter alone, making it the worst quarter ever for cryptocurrency exploits. While centralized finance platforms lost $1.5 billion in two major attacks, DeFi protocols lost $106.8 million across 38 separate incidents.
The KiloEx team promises to provide further updates as their investigation progresses and recovery efforts continue.