KiloEX Suspends Platform After $7.5M Exploit
Decentralized exchange KiloEX has confirmed that it has suspended use of its platform and is tracing stolen funds after suffering a $7.5 million exploit. According to a statement released by the KiloEX team on April 14, the exploit has been contained and an investigation is underway. The team is working with security partners to analyze the attack vector and affected assets, and is collaborating with ecosystem partners to trace and recover funds where possible.
A bounty program and a full report on how the exploit occurred are also in the works, according to KiloEX. In an update, the KiloEX team said it was collaborating with BNB Chain, Manta Network, and cybersecurity firms Seal-911, SlowMist, and Sherlock in an effort spanning “multiple ecosystems.” The investigation has confirmed that the stolen assets are currently being routed through zkBridge and Meson. KiloEX is urgently attempting to engage with both protocols to halt ongoing transactions and prevent additional losses.
Cybersecurity firm PeckShield said in an April 14 post that the exploiter looted $7.5 million in total, with $3.3 million in Base, $3.1 million in opBNB, and $1 million in BSC. The firm has speculated that the exploit is likely a “price oracle issue,” where the information used by a smart contract to determine the price of an asset is manipulated or inaccurate. PeckShield's initial analysis of one exploit transaction indicates that the hacker used the issue to create a new position with an initial given ETH/USD price of 100 and then immediately close the position with an inflated ETH/USD price of 10,000, netting a $3.12 million profit in one single transaction.
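To make the pattern PeckShield describes concrete from a monitoring point of view, the following added example (not KiloEX's or PeckShield's code) reviews closed long positions for prices far from an independent reference and for an open and close inside one transaction. Only the 100 and 10,000 prices come from the report; the record layout, the 5% threshold, the reference prices, the margin and the leverage are assumptions.

```python
from dataclasses import dataclass

MAX_DEVIATION = 0.05  # assumed policy: 5% max gap to the reference price

@dataclass
class Position:
    open_tx: str
    close_tx: str
    open_price: float   # price the contract used at open
    close_price: float  # price the contract used at close
    open_ref: float     # independent reference price at open
    close_ref: float    # independent reference price at close
    margin_usd: float
    leverage: float

def deviation(used, ref):
    """Relative gap between the price used and the reference price."""
    return abs(used - ref) / ref

def long_pnl(p):
    """Profit of a long position: notional times relative price change."""
    return p.margin_usd * p.leverage * (p.close_price / p.open_price - 1)

def review(p):
    """Return the list of reasons this position deserves a closer look."""
    reasons = []
    if deviation(p.open_price, p.open_ref) > MAX_DEVIATION:
        reasons.append("open price off reference")
    if deviation(p.close_price, p.close_ref) > MAX_DEVIATION:
        reasons.append("close price off reference")
    if p.open_tx == p.close_tx:
        reasons.append("opened and closed in one transaction")
    return reasons

# Constructed sample data. Only the 100 and 10,000 prices come from the
# article; transaction ids, reference prices, margin and leverage are made up.
SUSPECT = Position("0xaaa", "0xaaa", 100, 10_000, 1_600, 1_600, 1_000, 10)
NORMAL = Position("0xbb1", "0xbb2", 1_600, 1_632, 1_601, 1_630, 1_000, 10)

if __name__ == "__main__":
    for name, p in (("suspect", SUSPECT), ("normal", NORMAL)):
        print(name, round(long_pnl(p), 2), review(p))
```

A 100x move between the open and close price turns the constructed 10,000 USD notional into a 990,000 USD payout, which is why a bound on the gap to a reference price matters at both ends of the trade.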
Chaofan Shou, co-founder of blockchain analytics firm Fuzzland, also weighed in, speculating the exploit was likely due to a price oracle issue. Shou added that it was a “very simple vulnerability” when a user asked about the complexity of the exploit. KiloEX was established in 2023 and is backed by Binance Labs, which is a lead investor and strategic partner. This exploit comes just days after the exchange announced a partnership with Dubai-based Web3 venture capital firm DWF Labs on April 13, which promised to expand KiloEX's market presence and accelerate growth. On March 25, DWF Labs launched a $250 million Liquid Fund to accelerate the growth of mid- and large-cap blockchain projects and drive real-world adoption of Web3 technologies.



