KiloEx, a decentralized perpetual futures trading platform, experienced a severe hack that resulted in a $7 million loss. This exploit specifically targeted vulnerabilities within the platform’s price oracle system and affected assets across the BNB Chain, Base, and Taiko networks.
Millions-Worth Hack
KiloEx was compromised in a calculated attack that drained millions of dollars in crypto from its vaults. The breach was detected and reported by blockchain security firm Cyvers, which identified suspicious transactions linked to an attacker-funded address. The attacker exploited a flaw in the platform’s price oracle system, specifically related to access control vulnerabilities, allowing them to manipulate transactions and siphon funds across multiple blockchain networks.
This incident suggests that the attacker executed the exploit carefully, aiming to conceal their actions and complicate recovery efforts. The interplay of the price Oracle vulnerability, cross-chain exposure, and obscured funding sources facilitated a highly effective exploit.
KiloEx’s Follow-Up Actions
In response to this breach, KiloEx has immediately suspended its services to prevent further losses. The platform’s team launched an active investigation, working with security partners to trace the stolen funds and identify the attacker. KiloEx promised to deliver a detailed incident report to provide transparency about the breach and outline steps to prevent future incidents.
KiloEx also announced plans to introduce a reward system for individuals or entities that assist in retrieving the assets. The platform’s security team is actively monitoring the movement of stolen funds, which were transferred to addresses linked to Tornado Cash. Despite applying blockchain analytics tools to track the assets, utilizing a mixer presents challenges to recovery efforts.
This incident is a critical reminder of the loopholes within the decentralized finance (DeFi) ecosystem. Recent notable breaches, including the UPCX hack, which resulted in a $70 million loss, and the Hyperliquidity Provider breach, which resulted in a $12 million loss, underscore the urgent need for robust security protocols to safeguard user funds.
As the investigation continues, users and the broader crypto community await KiloEx’s detailed incident report, which is expected to clarify the technical specifics of the exploit. This breach has understandably raised concerns about KiloEx’s security measures, prompting users to reassess the safety of their funds on the platform.
