KiloEx Suffers $7.5 Million Loss in Coordinated Multi-Chain Exploit

Highlights:

• KiloEx lost $7.5 million due to a flaw in its price oracle across Base, opBNB, and BNB Chain.
• The platform paused all activity and is working with security teams to trace and recover the stolen funds.
• The KILO token dropped over 27% after the hack and is now down more than 78% from its highest price.

KiloEx, a decentralized perpetuals trading platform supported by YZi Labs, experienced a major exploit on April 14. The incident was first detected at 7:30 PM UTC by blockchain security company Cyvers Alerts. The company reported suspicious transactions linked to a wallet funded through Tornado Cash. The wallet carried out activities across Base, opBNB, and BNB Chain. The root cause of the exploit was identified as a vulnerability in the platform’s price oracle access control.

🚨7M HACK ALERT🚨Our system has detected multiple suspicious transactions involving @KiloEx_perp across several chains.

An address funded via @TornadoCash has executed a series of exploitative transactions on the $BNB, $Base, and $Taiko chains — accumulating approximately $7M in… pic.twitter.com/od4UTsSrXs

— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) April 14, 2025

Blockchain security firm PeckShield estimated the total loss at $7.5 million. The breakdown of the stolen funds includes $3.3 million from Base, $3.1 million from opBNB, and $1 million from BNB Chain. The attacker exploited the vulnerability by opening a position using a manipulated ETH/USD price of 100.

They then closed the position at a highly inflated price of 10,000. This single transaction alone allowed the attacker to earn over $3 million. The use of an incorrect price oracle without proper checks made the attack possible.

Chaofan Shou, co-founder of blockchain analytics firm Fuzzland, noted that anyone could change the price oracle on KiloEx. He explained that although the system verified the caller as a trusted forwarder, it failed to confirm the forwarded caller. He described it as a simple vulnerability that was easy to exploit. This detail highlighted the weakness in the platform’s oracle control system.

.@KiloEx_perp is hacked. $6M+ loss already. Likely due to price oracle access control issues. pic.twitter.com/4jpQJZYLys

— Chaofan Shou (svm/acc) (@shoucccc) April 14, 2025

KiloEx Suspends Platform and Begins Recovery Measures

Shortly after the attack, KiloEx confirmed the exploit and suspended all platform operations. The team said it was working with multiple blockchain security firms, including Seal-911, SlowMist, and Sherlock. These teams joined efforts to trace the flow of stolen assets and examine how the attack was carried out. KiloEx also reached out to bridge protocols zkBridge and Meson, as the stolen funds were being moved through them.

🚨 Update on the KiloEx Vault Exploit 🚨

We are actively collaborating with BNB Chain, Manta Network, and leading blockchain security partners—including Seal-911, SlowMist, and Sherlock—to investigate the recent KiloEx Vault exploit and trace the stolen assets.

Our joint…

— KiloEx (@KiloEx_perp) April 14, 2025

The platform requested all protocols and services to block transactions involving the exploiter’s wallet. KiloEx also announced that it would release a full postmortem report. In addition, the team stated that a bounty program would begin to support fund recovery efforts. The platform added that it was actively cooperating with Base, BNB Chain, and Manta Network to stop further asset movement.

KiloEx said its investigation was focused on understanding the attack path and identifying which assets had been affected. The team is working across multiple ecosystems to recover what was lost. They are also trying to prevent any further damage while maintaining communication with security teams and bridge operators.

KILO Token Declines After Attack and Recent Partnership

After news of the exploit spread, KILO, the native token of KiloEx, dropped over 27% to $0.03596. It has now declined more than 78% from its all-time high of $0.1648. At press time, KILO is trading at $0.03893, a 23.15% decrease in the past day. In addition, the market cap is down to $8.24 million. However, the trading volume is up 81.26% to $67.8 million.

The exploit came only one day after KiloEx announced a new partnership with Web3 venture capital firm DWF Labs. On March 25, DWF Labs launched a $250 million liquid fund to support blockchain growth.