TLDR
- KiloEx decentralized exchange lost approximately $7.5 million in a cross-chain attack
- The exploit was caused by a price oracle vulnerability allowing price manipulation
- KiloEx has suspended platform usage and is working with security partners to trace funds
- The exploit hit multiple chains, including Base ($3.3M), opBNB ($3.1M), and BSC ($1M)
- Stolen funds are being routed through zkBridge and Meson protocols
Decentralized exchange KiloEx has confirmed a $7.5 million exploit that occurred on April 14, 2025. The platform immediately suspended all trading operations after discovering the security breach. The exploit affected multiple blockchain networks in what security experts have identified as a cross-chain attack.
The attack was first detected by blockchain security platform Cyvers Alerts at 7:30 PM UTC on April 14. They reported that a wallet funded through Tornado Cash executed suspicious transactions across several blockchains including Base, Taiko, and BNB Chain.
Cybersecurity experts have determined that a price oracle vulnerability was the root cause of the exploit. Price oracles provide smart contracts with external data about asset prices, and in this case, the mechanism was compromised.
How the Attack Worked
According to blockchain security firm PeckShield, the hacker exploited a price oracle issue to manipulate asset prices. This manipulation allowed the attacker to create positions at artificially low prices and close them at inflated values.
In one transaction analyzed by PeckShield, the hacker created a new position with an initial ETH/USD price of $100. They then immediately closed the position at an inflated ETH/USD price of $10,000, netting a profit of $3.12 million in a single transaction.
The @KiloEx_perp protocol was hacked today with a loss of ~7.5m ($3.3m in base, $3.1m in opBNB, $1m in BSC).
The protocol is now paused! Our initial analysis on one exploit tx indicates a price oracle issue. And the hacker exploits it to create a new position with initial given…
— PeckShield Inc. (@peckshield) April 14, 2025
Chaofan Shou, co-founder of blockchain analytics firm Fuzzland, described it as a “very simple vulnerability” where attackers could change KiloEx’s price oracle. The system failed to properly verify the caller, despite having some security measures in place.
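The failure mode described above, a price setter that does not verify its caller, can be shown with a toy model set beside a hardened version. This is an added example, not KiloEx's code: the `Oracle` class, the keeper allow-list, the 5% deviation band, the addresses, the 1,600 starting price and the 10,000 USD notional are all constructed assumptions; only the $100 and $10,000 prices come from the PeckShield analysis.

```python
from dataclasses import dataclass
from typing import Optional

class Unauthorized(Exception):
    pass

class PriceOutOfBand(Exception):
    pass

@dataclass
class Oracle:
    price: float                          # last accepted ETH/USD price
    keepers: frozenset = frozenset()      # addresses allowed to push prices
    check_caller: bool = True             # False models the missing caller check
    max_move: Optional[float] = None      # max fractional change per update

    def set_price(self, caller: str, new_price: float) -> None:
        if self.check_caller and caller not in self.keepers:
            raise Unauthorized(caller)
        if self.max_move is not None and \
                abs(new_price - self.price) / self.price > self.max_move:
            raise PriceOutOfBand(new_price)
        self.price = new_price

def long_pnl(notional_usd: float, entry: float, exit_price: float) -> float:
    """Profit of a long of `notional_usd` opened at entry and closed at exit."""
    return notional_usd * (exit_price / entry - 1)

def replay(oracle: Oracle, caller: str, notional_usd: float,
           open_at: float, close_at: float) -> float:
    """Replay the reported sequence: push price, open, push price, close."""
    oracle.set_price(caller, open_at)
    entry = oracle.price
    oracle.set_price(caller, close_at)
    return long_pnl(notional_usd, entry, oracle.price)

KEEPER, OUTSIDER = "0xKEEPER", "0xOUTSIDER"   # constructed placeholder addresses

def demo() -> dict:
    weak = Oracle(price=1600.0, check_caller=False)
    hardened = Oracle(price=1600.0, keepers=frozenset({KEEPER}), max_move=0.05)
    results = {"weak": replay(weak, OUTSIDER, 10_000, 100.0, 10_000.0)}
    try:
        replay(hardened, OUTSIDER, 10_000, 100.0, 10_000.0)
    except Unauthorized:
        results["hardened_outsider"] = "rejected: caller not a keeper"
    try:   # even an authorized keeper cannot move the price 94% in one update
        replay(hardened, KEEPER, 10_000, 100.0, 10_000.0)
    except PriceOutOfBand:
        results["hardened_keeper"] = "rejected: price outside band"
    results["hardened_price"] = hardened.price
    return results
```

The deviation band matters independently of the caller check: it bounds the damage if a keeper key is ever compromised.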
The highest losses occurred on the Base network at $3.3 million. The opBNB network saw losses of $3.1 million, while the BSC network lost approximately $1 million.
Response and Recovery Efforts
KiloEx has assembled a team of security partners to help trace and potentially recover the stolen funds. The exchange is collaborating with BNB Chain, Manta Network, and cybersecurity firms including Seal-911, SlowMist, and Sherlock.
“The team has immediately suspended platform usage and is working with security partners to trace the flow of funds,” KiloEx stated in an announcement on social media platform X on April 14. “We are analyzing the attack vector and affected assets.”
In a follow-up statement, KiloEx confirmed that the stolen assets were being routed through zkBridge and Meson protocols. The exchange is attempting to engage with both protocols to halt ongoing transactions and prevent additional losses.
🚨 Security Incident Announcement: KiloEx Vault Exploit
Dear KiloEx Community,
We regret to inform you that the KiloEx Vault has been exploited. The attacker’s wallet address is:
0x00fac92881556a90fdb19eae9f23640b95b4bcbd
We urge all partner protocols and platforms to…
— KiloEx (@KiloEx_perp) April 14, 2025
KiloEx has also announced plans to launch a bounty program and release a full report on how the exploit occurred. The exchange is urging other protocols and platforms to blacklist the attacker’s wallet addresses.
The stolen funds include USD Coin (USDC), which may be blacklisted by the token issuers, potentially making it difficult for attackers to convert these funds.
The exploit has impacted the value of KiloEx’s native token, KILO. Following the news, KILO dropped by over 27% to trade at $0.03596. The token remains down more than 78% from its all-time high of $0.1648 reached on March 27.
Market Context
KiloEx was established in 2023 and is backed by Binance Labs as a lead investor and strategic partner. The perpetual DEX is also supported by YZi Labs.
The security breach comes just days after KiloEx announced a partnership with Dubai-based Web3 venture capital firm DWF Labs on April 13. The partnership was intended to expand KiloEx’s market presence and accelerate growth.
On March 25, DWF Labs launched a $250 million Liquid Fund aimed at accelerating the growth of mid- and large-cap blockchain projects and driving real-world adoption of Web3 technologies.
This exploit is part of a larger trend of DeFi security incidents. According to Immunefi’s Q1 2025 report, the first quarter of 2025 was the worst on record for cryptocurrency exploits, with $1.64 billion stolen in total. DeFi protocols lost $106.8 million across 38 separate incidents during this period.