KiloEx Suffers $7M Security Breach, KILO Token Drops 30%

KiloEx, a newly launched perpetual trading platform backed by YZi Labs, has suffered a significant security breach. The cross-chain exploit resulted in the theft of approximately $7 million. The attack, which began on April 14, is ongoing and has impacted operations across multiple networks, including BNB Smart Chain, Base, and Taiko.

Cyvers analysts reported that the attacker used a Tornado Cash-funded address to execute a series of coordinated transactions. The exploit targeted potential access control flaws in KiloEx’s price oracleORCL-- system. On-chain evidence shows rapid fund movements between multiple chains, raising concerns over systemic vulnerabilities in multi-chain DeFi architecture.

KiloEx launched its Token Generation Event (TGE) on March 27 in partnership with Binance Wallet and PancakeSwap. The platform is currently listed on Binance Alpha. The project was incubated by YZi Labs, an investment and innovation division previously branded as Binance Labs. The launch attracted significant attention due to its backing and integration with BNB Smart Chain.

Following the attack, KiloEx has suspended its platform and is collaborating with security partners to investigate the breach and track stolen funds. The team has announced plans to launch a bounty program to encourage white hat assistance and recover user assets. Security teams are actively monitoring the attacker’s wallet addresses, and the situation remains fluid as remediation efforts continue and the vulnerability is further assessed.

The incident has triggered sharp market reactions. The KILO token plummeted by 30%, with its market capitalization dropping from $11 million to $7.5 million within hours of the attack. The project team is actively collaborating with BNB Chain, Manta Network, and leading blockchain security partners, including Seal-911, SlowMist, and Sherlock, to investigate the recent KiloEx Vault exploit and trace the stolen assets.

This breach highlights the ongoing challenges in securing multi-chain DeFi platforms. The use of Tornado Cash, a privacy-focused tool, complicates the tracking of stolen funds. The incident underscores the need for robust security measures and continuous monitoring in the rapidly evolving DeFi landscape. KiloEx’s response, including the suspension of operations and the launch of a bounty program, demonstrates a proactive approach to mitigating the impact of the exploit and restoring user confidence.