A Blockchain Heist: The $7.5 Million KiloEx Crossover Caper
KiloEx Decentralized Exchange Suffers $7.5 Million Cyber Attack due to Oracle Vulnerability Issue
Taking a gander at the latest happenings in the cryptoverse, we've got ourselves a juicy one. On April 14, 2025, the decentralized exchange (DEX) KiloEx suffered a whopping $7.5 million loss due to a cross-chain attack. Time to dive into the nitty-gritty details of this wild ride.
Let's kick things off by setting the stage: cybersecurity platform Cyvers Alerts pointed their digital telescope towards an eyebrow-raising series of transactions across several blockchains, including Base, Taiko, and BNB Chain. Nothing finer than a good ol' cryptocurrency heist!
The Nefarious Scheme
So what transpired, you might ask? Well, here's the lowdown: the culprit exploited a loophole in KiloEx's price oracle—a pesky little thing that provides smart contracts with external data on asset prices. With that shiny "in" at their fraudulent disposal, they were able to manipulate the prices, enabling them to create positions at ridiculously low prices (like $100/ETH) and closing 'em at astronomically inflated ones (such as $10,000/ETH), raking in the dough in a single, savvy swoop. That's what we call playing the market!
The Targets of Opportunity
It's not everyday you spy a six-figure haul, but this fella's been hitting the jackpot; here are the blockchain networks taking the brunt of the damage:
- Base: $3.3 million (ouch!)
- opBNB: $3.1 million (ouch, again!)
- BSC: $1 million (ouch, again, again!)
The guilty parties? Their wallet initially got funded via Tornado Cash, a privacy tool often used to obscure crypto trails—it seems our friend just can't resist playing a little cat-and-mouse game.
The Game of Cat and Mouse
As if that wasn't enough, KiloEx had to go and involve the big boys in the game. They've gathered a crack team of security partners, working with BNB Chain, Manta Network, Seal-911, SlowMist, and Sherlock to trace those stolen funds. And they're not resting on their laurels; they're analyzing the attack vector and the affected assets to ensure every stone is turned.
That's not all. In an effort to recover those assets, they're attempting to engage with the zkBridge and Meson protocols. Their plan is to halt any ongoing transactions and prevent those funds from getting away for good. KiloEx is also planning to launch a bounty program and release a detailed report on how the exploit occurred.
The Consequences
This heist has put a serious crimp in KiloEx's flow, with their native token, KILO, taking a plunge of more than 27% to trade at $0.03596. That's a hefty drop, folks! It's worth mentioning that the token is down more than 78% from its all-time high of $0.1648.
The Broader Picture
KiloEx set up shop in 2023, boasting Binance Labs as a lead investor and strategic partner, alongside YZi Labs for good measure. Just days before the security breach, they announced a partnership with DWF Labs, a Dubai-based Web3 venture capital firm, to expand their market reach and accelerate growth.
It seems the crypto world's been experiencing quite a spell of bad luck lately, as Q1 2025 witnessed a record-breaking loss of $1.64 billion due to cryptocurrency exploits. To add insult to injury, DeFi protocols shed $106.8 million in 38 separate incidents during this period. This unfortunate episode serves as yet another reminder of the DeFi arena's vulnerabilities.
Y'all stay safe out there in the cryptosphere!
- The cybersecurity platform Cyvers Alerts detected a suspicious series of transactions on KiloEx, a decentralized exchange, across multiple blockchains, including Base, Taiko, and BNB Chain, which resulted in a $7.5 million loss due to a cross-chain attack.
- The culprit exploited a loophole in KiloEx's price oracle, manipulating prices to create positions at low prices and close them at inflated ones, thereby reaping a significant profit.
- KiloEx, in an attempt to recover the stolen funds and plug the loophole, has collaborated with several security partners, including BNB Chain, Manta Network, Seal-911, SlowMist, and Sherlock, to trace the stolen funds and prevent further losses.
- The heist has had a significant impact on KiloEx's native token, KILO, which plunged by more than 27% following the incident, underscoring the vulnerabilities within the DeFi arena, especially after Q1 2025 witnessed a record-breaking loss of $1.64 billion due to cryptocurrency exploits.
