
KiloEx Halts Operations Following $7.5 Million Hack
The KiloEx team announced that the $7.5 million breach of the decentralized exchange has been contained, and the platform’s operations have been temporarily suspended.
Security Incident Announcement: KiloEx Vault Exploit
Dear KiloEx Community,
We regret to inform you that the KiloEx Vault has been exploited. The attacker’s wallet address is:
0x00fac92881556a90fdb19eae9f23640b95b4bcbd
We urge all partner protocols and platforms to…
— KiloEx (@KiloEx_perp) April 14, 2025
“We immediately suspended the platform’s operations and are collaborating with cybersecurity partners to track the movement of funds,” noted representatives of the decentralized exchange.
According to the statement, the project team is analyzing the attack vector and working on the possible recovery of stolen assets. A bounty program and a full incident report are also in development.
KiloEx is collaborating with BNB Chain, Manta Network, and other partners to block further movement of the stolen funds.
Update on the KiloEx Vault Exploit
We are actively collaborating with BNB Chain, Manta Network, and leading blockchain security partners—including Seal-911, SlowMist, and Sherlock—to investigate the recent KiloEx Vault exploit and trace the stolen assets.
Our joint…
— KiloEx (@KiloEx_perp) April 14, 2025
According to the company, part of the assets is being moved through zkBridge and Meson.
“We are urgently trying to establish communication with both protocols to halt current transactions and prevent further losses,” stated KiloEx.
The DEX team offered to let the hacker keep 10% of the funds in exchange for returning the remaining 90%. If the hacker refused, representatives threatened to reveal the attacker’s identity and take legal action.
The KiloEx hacker returned all stolen funds four days after the attack. Project representatives stated they would not press legal charges against the perpetrator.
Dear Community,
We are pleased to announce that we have successfully recovered all stolen funds related to the recent security incident. This outcome underscores our commitment to protecting user assets and fostering a secure ecosystem.
1. Case Resolution Progress
— The legal…
— KiloEx (@KiloEx_perp) April 18, 2025
“In accordance with the agreement, we will award 10% of the recovered amount as a bounty to the white-hat hackers who contributed to enhancing our platform’s security,” added KiloEx.
According to PeckShield, the attackers stole $7.5 million, with $3.3 million from Base, $3.1 million from opBNB, and $1 million from BNB Chain.
The @KiloEx_perp protocol was hacked today with a loss of ~7.5m ($3.3m in base, $3.1m in opBNB, $1m in BSC).
The protocol is now paused! Our initial analysis on one exploit tx indicates a price oracle issue. And the hacker exploits it to create a new position with initial given…
— PeckShield Inc. (@peckshield) April 14, 2025
Analysts suggested that the vulnerability is likely related to a “price oracle issue.” This allowed the attackers to manipulate asset values.
“As a result of one operation, the hackers increased the initial price of ETH from $100 to $10,000, closing the position with a profit of $3.12 million in a single transaction,” reported PeckShield.
According to Cyvers, the hack was executed using the Tornado Cash mixer.
Chaofan Shou, co-founder of the analytics company Fuzzland, described price oracle attacks as the result of “simple vulnerabilities,” noting that KiloEx insufficiently verifies function calls.
Anyone can change the Kilo’s price oracle. lol pic.twitter.com/X1UNImHbji
— Chaofan Shou (svm/acc) (@shoucccc) April 14, 2025
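The failure mode described by PeckShield and Shou, reduced to a toy model (an added example, not KiloEx's code; the class names, the starting price of 2000, the keeper allowlist and the 5% deviation bound are all assumptions). It runs the reported $100-entry, $10,000-exit price sequence against an oracle whose setter accepts any caller and against a guarded one.

```python
# Added illustration: a toy model, not KiloEx's contracts. All names are hypothetical.

class Unauthorized(Exception): pass
class PriceDeviation(Exception): pass

class OpenOracle:
    """Weak form: set_price never checks who is calling."""
    def __init__(self, price):
        self.price = price
    def set_price(self, caller, price):
        self.price = price

class GuardedOracle(OpenOracle):
    """Hardened form: keeper allowlist plus a per-update deviation bound."""
    def __init__(self, price, keepers, max_move=0.05):
        super().__init__(price)
        self.keepers = frozenset(keepers)
        self.max_move = max_move          # assumed bound: 5% per update
    def set_price(self, caller, price):
        if caller not in self.keepers:
            raise Unauthorized(caller)
        if abs(price - self.price) > self.max_move * self.price:
            raise PriceDeviation(f"{self.price} -> {price}")
        self.price = price

class Vault:
    """Minimal perp vault: long PnL = size * (exit - entry), paid from the vault."""
    def __init__(self, oracle, balance):
        self.oracle, self.balance = oracle, balance
    def open_long(self, size):
        return {"size": size, "entry": self.oracle.price}
    def close(self, pos):
        pnl = pos["size"] * (self.oracle.price - pos["entry"])
        self.balance -= pnl
        return pnl

def oracle_regression(oracle, caller, size=10, low=100, high=10_000):
    """Regression check: returns (vault balance afterwards, guard that fired or None)."""
    vault = Vault(oracle, balance=1_000_000)   # constructed starting balance
    try:
        oracle.set_price(caller, low)
        pos = vault.open_long(size)
        oracle.set_price(caller, high)
        vault.close(pos)
    except (Unauthorized, PriceDeviation) as exc:
        return vault.balance, type(exc).__name__
    return vault.balance, None
```

The deviation bound matters independently of the allowlist: it limits the damage when an authorized keeper key is the one pushing the bad price.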
The native token of the platform (KILO) plummeted by 31.5% in a day, to $0.0366, according to CoinGecko. Since its peak value of $0.1648 recorded on March 27, the asset’s price has fallen by 77.8%.
Back in March, Immunefi reported that cybercriminals stole $1.64 billion in 40 incidents during the first quarter of 2025.