Decentralized exchange KiloEx says $7.5M exploit has been contained
Decentralized exchange KiloEX has confirmed it has suspended usage of its platform and is tracing stolen funds after suffering a $7.5 million exploit.
The exploit has been contained, with use of the platform suspended and an investigation underway, the KiloEX team said in an April 14 statement to X.
“The team has immediately suspended platform usage and is working with security partners to trace the flow of funds,” KiloEX said.
“We are analyzing the attack vector and affected assets. We are collaborating with ecosystem partners to trace and recover funds where possible.”
Source: KiloEX
A bounty program and a full report on how the exploit occurred is also in the works, according to KiloEX.
In an update, the KiloEX team said it was collaborating with BNB Chain, Manta Network, and cybersecurity firms Seal-911, SlowMist and Sherlock in an effort spanning “multiple ecosystems.”
“Our investigation has confirmed that the stolen assets are currently being routed through zkBridge and Meson,” KiloEX said.
“We are urgently attempting to engage with both protocols to halt ongoing transactions and prevent additional losses.”
KiloEX attacker exploited price oracle issue, say analysts
Cybersecurity firm PeckShield said in an April 14 post to X the exploiter looted $7.5 million in total, $3.3 million Base, $3.1m opBNB and $1m BSC.
The firm has speculated the exploit is likely a “price oracle issue,” where the information used by a smart contract to determine the price of an asset is manipulated or inaccurate, leading to the exploit.
“Our initial analysis on one transaction exploit indicates a price oracle issue,” PeckShield said.
Source: PeckShield
“The hacker exploits it to create a new position with initial given ETH/USD price of 100 and then immediately close the position with inflated ETH/USD price of 10000, netting the $3.12m profit in one single transaction.”
Chaofan Shou, co-founder of blockchain analytics firm Fuzzland, also weighed in, speculating the exploit was likely due to a price oracle issue.
“Anyone can change the Kilo’s price oracle. They did verify that the caller shall be a trusted forwarder, though, but didn’t verify the forwarded caller,” Shou said.
Shou added it was a “very simple vulnerability” when a user asked about the complexity of the exploit.
Source: Chaofan Shou
The news has sent the KiloEX’s native token, Kilo, plunging over 27% to trade at $0.03596, according to CoinGecko. It’s still down over 78% from its all-time high of $0.1648, which it hit on March 27.
Related: Mantra CEO says OM token recovery ‘primary concern’ but in early stages
KiloEx was established in 2023 and is backed by Binance Labs, which is a lead investor and strategic partner.
This exploit comes just days after the exchange announced a partnership with Dubai-based Web3 venture capitalist firm DWF Labs on April 13, which promised to expand KiloEx’s market presence and accelerate growth.
On March 25, DWF Labs launched a $250 million Liquid Fund to accelerate the growth of mid- and large-cap blockchain projects and drive real-world adoption of Web3 technologies.
Magazine: Bitcoin eyes $100K by June, Shaq to settle NFT lawsuit, and more: Hodler’s Digest, April 6–12
Bitcoin (BTC) $ 104,325.00
Ethereum (ETH) $ 2,445.63
Tether (USDT) $ 1.00
XRP (XRP) $ 2.40
BNB (BNB) $ 642.73
Solana (SOL) $ 169.53
USDC (USDC) $ 0.999899
Dogecoin (DOGE) $ 0.226218
Cardano (ADA) $ 0.743582
TRON (TRX) $ 0.265842
Lido Staked Ether (STETH) $ 2,440.19
Wrapped Bitcoin (WBTC) $ 104,506.00
Sui (SUI) $ 3.78
Wrapped stETH (WSTETH) $ 2,934.99
Chainlink (LINK) $ 15.44
Avalanche (AVAX) $ 22.40
Stellar (XLM) $ 0.288640
Hyperliquid (HYPE) $ 26.23
Shiba Inu (SHIB) $ 0.000015
Hedera (HBAR) $ 0.191952
LEO Token (LEO) $ 8.72
Bitcoin Cash (BCH) $ 400.96
Toncoin (TON) $ 3.10
Litecoin (LTC) $ 98.55
Polkadot (DOT) $ 4.65
USDS (USDS) $ 0.999777
WETH (WETH) $ 2,449.52
Monero (XMR) $ 339.79
Bitget Token (BGB) $ 5.16
Binance Bridged USDT (BNB Smart Chain) (BSC-USD) $ 0.999915
Wrapped eETH (WEETH) $ 2,625.43
Pepe (PEPE) $ 0.000013
Pi Network (PI) $ 0.732241
Ethena USDe (USDE) $ 1.00
Coinbase Wrapped BTC (CBBTC) $ 104,332.00
WhiteBIT Coin (WBT) $ 30.32
Bittensor (TAO) $ 416.50
Dai (DAI) $ 0.999998
Uniswap (UNI) $ 5.93
Aave (AAVE) $ 229.24
NEAR Protocol (NEAR) $ 2.73
Aptos (APT) $ 5.07
OKB (OKB) $ 52.97
Jito Staked SOL (JITOSOL) $ 202.05
Ondo (ONDO) $ 0.932759
Cronos (CRO) $ 0.097981
Kaspa (KAS) $ 0.110270
BlackRock USD Institutional Digital Liquidity Fund (BUIDL) $ 1.00
Tokenize Xchange (TKX) $ 35.76
Ethereum Classic (ETC) $ 18.28
Internet Computer (ICP) $ 5.20
Gate (GT) $ 21.53
Official Trump (TRUMP) $ 12.99
Mantle (MNT) $ 0.734113
VeChain (VET) $ 0.028000
Ethena Staked USDe (SUSDE) $ 1.17
Render (RENDER) $ 4.52
sUSDS (SUSDS) $ 1.05
Ethena (ENA) $ 0.375468
Cosmos Hub (ATOM) $ 4.81
USD1 (USD1) $ 1.00
Lombard Staked BTC (LBTC) $ 103,642.00
POL (ex-MATIC) (POL) $ 0.234646
Artificial Superintelligence Alliance (FET) $ 0.750847
Algorand (ALGO) $ 0.220071
Fasttoken (FTN) $ 4.40
Filecoin (FIL) $ 2.82
Arbitrum (ARB) $ 0.382063
Celestia (TIA) $ 2.62
Worldcoin (WLD) $ 1.11
Sonic (prev. FTM) (S) $ 0.502158
Jupiter Perpetuals Liquidity Provider Token (JLP) $ 4.52
First Digital USD (FDUSD) $ 1.01
Bonk (BONK) $ 0.000019
Binance-Peg WETH (WETH) $ 2,430.06
Binance Staked SOL (BNSOL) $ 180.44
KuCoin (KCS) $ 11.54
Jupiter (JUP) $ 0.495012
Maker (MKR) $ 1,701.03
Kelp DAO Restaked ETH (RSETH) $ 2,605.59
Story (IP) $ 4.87
Stacks (STX) $ 0.861051
Virtuals Protocol (VIRTUAL) $ 1.96
Flare (FLR) $ 0.019358
NEXO (NEXO) $ 1.27
Fartcoin (FARTCOIN) $ 1.26
Sei (SEI) $ 0.227506
EOS (EOS) $ 0.796462
Immutable (IMX) $ 0.642340
Optimism (OP) $ 0.697010
Injective (INJ) $ 11.78
Rocket Pool ETH (RETH) $ 2,780.46
XDC Network (XDC) $ 0.072549
USDT0 (USDT0) $ 1.00
Solv Protocol BTC (SOLVBTC) $ 104,142.00
The Graph (GRT) $ 0.109644
dogwifhat (WIF) $ 0.974418
Raydium (RAY) $ 3.24
FLOKI (FLOKI) $ 0.000096
Mantle Staked Ether (METH) $ 2,600.92
