KiloEx Suffers $7.5M Loss in Cross-Chain Attack

KiloEx, a decentralized exchange, has confirmed a security breach resulting in a loss of approximately $7.5 million. The exploit, which occurred on April 14, 2025, was identified as a cross-chain attack affecting multiple blockchain networks. The platform immediately suspended all trading operations following the discovery of the security breach.

The attack was first detected by a blockchain security platform at 7:30 PM UTC on April 14. Suspicious transactions were executed across several blockchains, including Base, Taiko, and BNB Chain. Cybersecurity experts have identified a price oracleORCL-- vulnerability as the root cause of the exploit. Price oracles provide smart contracts with external data about asset prices, and in this instance, the mechanism was compromised.

The hacker exploited a price oracle issue to manipulate asset prices, allowing them to create positions at artificially low prices and close them at inflated values. In one transaction, the hacker created a new position with an initial ETH/USD price of $100 and immediately closed it at an inflated ETH/USD price of $10,000, netting a profit of $3.12 million in a single transaction. The highest losses occurred on the Base network at $3.3 million, followed by the opBNB network at $3.1 million, and the BSC network at approximately $1 million.

KiloEx has assembled a team of security partners to help trace and potentially recover the stolen funds. The exchange is collaborating with various blockchain networks and cybersecurity firms to analyze the attack vector and affected assets. The stolen assets are being routed through zkBridge and Meson protocols, and KiloEx is attempting to engage with both protocols to halt ongoing transactions and prevent additional losses.

KiloEx has also announced plans to launch a bounty program and release a full report on how the exploit occurred. The exchange is urging other protocols and platforms to blacklist the attacker’s wallet addresses. The stolen funds include USD Coin (USDC), which may be blacklisted by the token issuers, potentially making it difficult for attackers to convert these funds.

The security breach has impacted the value of KiloEx’s native token, KILO. Following the news, KILO dropped by over 27% to trade at $0.03596. The token remains down more than 78% from its all-time high of $0.1648 reached on March 27. KiloEx was established in 2023 and is backed by a lead investor and strategic partner. The perpetual DEX is also supported by YZi Labs.

The security breach comes just days after KiloEx announced a partnership with a venture capital firm on April 13. The partnership was intended to expand KiloEx’s market presence and accelerate growth. This exploit is part of a larger trend of DeFi security incidents. The first quarter of 2025 was the worst on record for cryptocurrency exploits, with $1.64 billion stolen in total. DeFi protocols lost $106.8 million across 38 separate incidents during this period.