KiloEx, a decentralized perpetual trading platform recently launched with backing from YZi Labs (formerly known as Binance Labs), has fallen victim to a significant exploit, resulting in losses of around $7 million across multiple blockchain networks. The incident, which began on April 14, is currently under investigation and has prompted the suspension of all platform operations.
Multi-Chain Breach Raises Alarm
The exploit targeted the BNB Smart Chain, Base, and Taiko networks—highlighting vulnerabilities in cross-chain DeFi protocols. According to security researchers from Cyvers, the attacker used a wallet funded through Tornado Cash, a well-known crypto mixer often associated with anonymizing illicit fund transfers. The malicious actor carried out a series of complex transactions that appear to have taken advantage of a flaw in KiloEx’s price oracle system, specifically related to access control permissions.
Price oracles are critical components in decentralized finance, supplying external data such as asset prices to smart contracts. A flaw in the oracle, such as weak access control over who may update a price, can let an attacker manipulate the prices the protocol trusts, triggering unintended or fraudulent trades and draining liquidity from the protocol.
Launched Amid Hype, Hit Hard by Hack
KiloEx launched with fanfare just weeks ago, holding its Token Generation Event (TGE) on March 27 through collaborations with Binance Wallet and PancakeSwap. The project quickly gained visibility, with its token KILO listed on Binance Alpha, drawing attention due to its affiliation with major players in the crypto space.
However, the exploit has cast a shadow over its early momentum. In the wake of the attack, the KILO token suffered a steep 30% drop, with its market capitalization shrinking from $11 million to $7.5 million in mere hours.
Response and Recovery Efforts Underway
In response to the breach, KiloEx has halted all trading activity and is working closely with cybersecurity firms and blockchain analytics teams to trace the stolen assets. The team has indicated that the attack is still ongoing and warned that some USDC funds may be blacklisted as a preventive measure.
To boost recovery efforts, KiloEx plans to launch a bounty program aimed at enlisting ethical hackers and white hat developers to assist in retrieving stolen funds and patching the system’s vulnerabilities.
Ongoing Threat to DeFi Security
The KiloEx breach is yet another reminder of the challenges decentralized platforms face, especially when operating across multiple chains. As protocols become increasingly complex, ensuring robust oracle security and cross-chain resilience has become more critical than ever.
With the situation still unfolding, KiloEx users and investors are being urged to stay informed and await further updates from the development team and security partners.