{"id":23058,"date":"2025-04-15T14:17:39","date_gmt":"2025-04-15T11:17:39","guid":{"rendered":"https:\/\/forklog.com\/en\/kiloex-halts-operations-following-7-5-million-hack\/"},"modified":"2025-04-15T14:17:39","modified_gmt":"2025-04-15T11:17:39","slug":"kiloex-halts-operations-following-7-5-million-hack","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/kiloex-halts-operations-following-7-5-million-hack\/","title":{"rendered":"KiloEx Halts Operations Following $7.5 Million Hack"},"content":{"rendered":"<p>The KiloEx team announced that the $7.5 million breach of the decentralized exchange has been contained, and the platform&#8217;s operations have been temporarily suspended.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">? Security Incident Announcement: KiloEx Vault Exploit<\/p>\n<p>Dear KiloEx Community,<br \/>We regret to inform you that the KiloEx Vault has been exploited. The attacker\u2019s wallet address is:<br \/>0x00fac92881556a90fdb19eae9f23640b95b4bcbd<br \/>We urge all partner protocols and platforms to\u2026<\/p>\n<p>\u2014 KiloEx (@KiloEx_perp) <a href=\"https:\/\/twitter.com\/KiloEx_perp\/status\/1911899600849617330?ref_src=twsrc%5Etfw\">April 14, 2025<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><em>\u201cWe immediately suspended the platform&#8217;s operations and are collaborating with cybersecurity partners to track the movement of funds,\u201d noted representatives of the decentralized exchange.<\/em><\/p>\n<\/blockquote>\n<p>According to the statement, the project team is analyzing the attack vector and working on the possible recovery of stolen assets. A bounty program and a full incident report are also in development.<\/p>\n<p>KiloEx is collaborating with BNB Chain, Manta Network, and other partners to block further movement of the stolen funds.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">? Update on the KiloEx Vault Exploit ?<\/p>\n<p>We are actively collaborating with BNB Chain, Manta Network, and leading blockchain security partners\u2014including Seal-911, SlowMist, and Sherlock\u2014to investigate the recent KiloEx Vault exploit and trace the stolen assets.<\/p>\n<p>Our joint\u2026<\/p>\n<p>\u2014 KiloEx (@KiloEx_perp) <a href=\"https:\/\/twitter.com\/KiloEx_perp\/status\/1911921676167819538?ref_src=twsrc%5Etfw\">April 14, 2025<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>According to the company, part of the assets is being moved through zkBridge and Meson.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><em>\u201cWe are urgently trying to establish communication with both protocols to halt current transactions and prevent further losses,\u201d stated KiloEx.<\/em><\/p>\n<\/blockquote>\n<p>The DEX team <a href=\"https:\/\/x.com\/KiloEx_perp\/status\/1912080346063282651\">offered<\/a> the hacker to keep 10% of the funds if they return the remaining 90%. In case of refusal, representatives threatened to reveal the attacker&#8217;s identity and take legal action.<\/p>\n<div class=\"wp-block-text-wrappers-update-2 article_update\"><time class=\"gtb_text-wrappers_update_time\">April 18, 2025 | 15:41<\/time><span class=\"gtb_text-wrappers_update_head\">Update: <\/span><\/p>\n<p>The KiloEx hacker returned all stolen funds four days after the attack. Project representatives stated they would not press legal charges against the perpetrator.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Dear Community,<\/p>\n<p>We are pleased to announce that we have successful recovery of all stolen funds related to the recent security incident. This outcome underscores our commitment to protecting user assets and fostering a secure ecosystem.<\/p>\n<p>1. Case Resolution Progress<br \/>\u2014 The legal\u2026<\/p>\n<p>\u2014 KiloEx (@KiloEx_perp) <a href=\"https:\/\/twitter.com\/KiloEx_perp\/status\/1913168299292328115?ref_src=twsrc%5Etfw\">April 18, 2025<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><em>\u201cIn accordance with the agreement, we will award 10% of the recovered amount as a bounty to the white-hat hackers who contributed to enhancing our platform&#8217;s security,\u201d added KiloEx.<\/em><\/p>\n<\/blockquote>\n<\/div>\n<p>According to PeckShield, the attackers stole $7.5 million, with $3.3 million from Base, $3.1 million from opBNB, and $1 million from BNB Chain.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">The <a href=\"https:\/\/twitter.com\/KiloEx_perp?ref_src=twsrc%5Etfw\">@KiloEx_perp<\/a> protocol was hacked today with a loss of ~7.5m ($3.3m in base, $3.1m in opBNB, $1m in BSC). <\/p>\n<p>The protocol is now paused! Our initial analysis on one exploit tx indicates a price oracle issue. And the hacker exploits it to create a new position with initial given\u2026<\/p>\n<p>\u2014 PeckShield Inc. (@peckshield) <a href=\"https:\/\/twitter.com\/peckshield\/status\/1911898560888524962?ref_src=twsrc%5Etfw\">April 14, 2025<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Analysts suggested that the vulnerability is likely related to a \u201cprice oracle issue.\u201d This allowed the attackers to manipulate asset values.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><em>\u201cAs a result of one operation, the hackers increased the initial price of ETH from $100 to $10,000, closing the position with a profit of $3.12 million in a single transaction,\u201d reported PeckShield.<\/em><\/p>\n<\/blockquote>\n<p>According to <a href=\"https:\/\/x.com\/CyversAlerts\/status\/1911867270852227131\">Cyvers<\/a>, the hack was executed using the Tornado Cash mixer.<\/p>\n<p>Chaofan Shou, co-founder of the analytics company Fuzzland, described price oracle attacks as the result of \u201csimple vulnerabilities,\u201d noting that KiloEx insufficiently verifies function calls.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Anyone can change the Kilo&#8217;s price oracle. lol <a href=\"https:\/\/t.co\/X1UNImHbji\">pic.twitter.com\/X1UNImHbji<\/a><\/p>\n<p>\u2014 Chaofan Shou (svm\/acc) (@shoucccc) <a href=\"https:\/\/twitter.com\/shoucccc\/status\/1911882201211568479?ref_src=twsrc%5Etfw\">April 14, 2025<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>The native token of the platform (KILO) plummeted by 31.5% in a day, to $0.0366, according to <a href=\"https:\/\/www.coingecko.com\/en\/coins\/kiloex\">CoinGecko<\/a>. Since its peak value of $0.1648 recorded on March 27, the asset&#8217;s price has fallen by 77.8%.<\/p>\n<p>Back in March, Immunefi <a href=\"https:\/\/forklog.com\/en\/news\/immunefi-reports-worst-quarter-for-cryptocurrency-industry\">reported<\/a> that cybercriminals stole $1.64 billion in 40 incidents during the first quarter of 2025.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The KiloEx team announced that the $7.5 million breach of the decentralized exchange has been contained, and the platform&#8217;s operations have been temporarily suspended. ? Security Incident Announcement: KiloEx Vault Exploit Dear KiloEx Community,We regret to inform you that the KiloEx Vault has been exploited. The attacker\u2019s wallet address is:0x00fac92881556a90fdb19eae9f23640b95b4bcbdWe urge all partner protocols and [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":23057,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"","news_style_id":"","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[44,1268],"class_list":["post-23058","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-cybercrime","tag-on-chain-analysis"],"aioseo_notices":[],"amp_enabled":true,"views":"44","promo_type":"","layout_type":"","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/23058","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=23058"}],"version-history":[{"count":0,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/23058\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/23057"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=23058"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=23058"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=23058"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}