Decentralized exchange KiloEx has been hit by a major security breach, resulting in the loss of approximately $7.5 million. The attack exploited a vulnerability in the platform’s price oracle system, allowing the attacker to manipulate asset prices to extract funds across several blockchain networks.
The attacker manipulated KiloEx’s ETH/USD price oracle by setting the price to $100 when opening leveraged positions and then inflating it to $10,000 upon closing them. In a single transaction, the attacker was able to realize $3.12 million in profits. The exploit affected the Base, opBNB, and BNB Smart Chain networks, with losses distributed at $3.3 million, $3.1 million, and $1 million, respectively.
Blockchain analysts identified that the attacker’s wallet was initially funded through Tornado Cash, a privacy protocol frequently associated with laundering illicitly obtained funds. The use of Tornado Cash to obscure the origin of the funds makes the tracing process significantly more complex, underlining ongoing challenges around anonymity and accountability in decentralized finance.
Further analysis of blockchain activity shows that the attacker funneled stolen funds through cross-chain protocols like zkBridge and Meson, potentially to obfuscate movements and evade recovery attempts. This multi-chain execution illustrates the evolving sophistication of DeFi attackers, who are increasingly leveraging interoperability protocols to move stolen assets across ecosystems in real time.
KiloEx Freezes Operations, Launches Bounty Program
In response to the breach, KiloEx has suspended all platform operations to contain the damage and prevent further exploits. The exchange is working with blockchain security firms including PeckShield, SlowMist, and Sherlock to investigate the incident, identify vulnerabilities, and trace the attacker’s activities.
To accelerate recovery and encourage community participation, KiloEx plans to introduce a bounty program, inviting white-hat hackers and researchers to assist in the identification and recovery of lost assets. The exchange has also issued a call to its partners, liquidity providers, and other DeFi protocols to blacklist the attacker’s wallet addresses and monitor suspicious activity linked to the hack.
Following news of the exploit, KiloEx’s native token, KILO, experienced a sharp decline of over 30%, dropping to $0.0353. This marks a 78% decrease from its March 27 all-time high of $0.1648. The sudden price drop reflects investor concern over the protocol’s future and the broader implications for decentralized derivatives platforms.
Security experts and community leaders have pointed to the incident as yet another example of systemic risks in the DeFi sector, especially those linked to oracle manipulation and cross-chain vulnerabilities. As more platforms expand to support multiple chains, the attack surface increases—making secure data feeds, rigorous audits, and responsive governance more critical than ever.
This breach highlights the pressing need for DeFi protocols to adopt robust preventative security strategies and establish emergency response frameworks. As KiloEx works to recover, the broader DeFi industry watches closely, once again reminded of the high-stakes nature of open finance and the importance of resilience in decentralized systems.
Descubra mais sobre
Assine para receber nossas notícias mais recentes por e-mail.