tl;dr
KiloEx, a new perpetual trading platform backed by YZi Labs (formerly Binance Labs), suffered a cross-chain exploit starting April 14, resulting in a theft of about $7 million. The attacker exploited a potential access control vulnerability in KiloEx’s price oracle system, using a Tornado Cash-funde...
KiloEx, a newly launched perpetual trading platform backed by YZi Labs (formerly Binance Labs), suffered a significant $7 million cross-chain exploit beginning April 14. The attacker exploited a price oracle access control vulnerability, using Tornado Cash-funded addresses to carry out coordinated multi-chain transactions across the BNB Smart Chain, Base, and Taiko networks.
In response to the breach, KiloEx immediately suspended platform operations and initiated collaboration with blockchain security firms including Seal-911, SlowMist, and Sherlock. The team is actively investigating the incident, tracing stolen funds, and has announced a bounty program to encourage white hat hackers to assist in asset recovery.
The impact on the market was swift and severe, with the KILO token plummeting 30% in value, dropping its market capitalization from $11 million to $7.5 million within hours. This incident highlights potential systemic risks in multi-chain DeFi architectures, emphasizing the critical importance of robust oracle security.
KiloEx’s Token Generation Event (TGE) launched on March 27 with partnerships including Binance Wallet and PancakeSwap, creating high expectations given its backing and integration with the BNB Smart Chain ecosystem. However, this exploit underscores the vulnerabilities new DeFi platforms face as they scale across multiple blockchains.
Security teams continue to monitor the attacker’s wallet activity to prevent further damage, and ongoing remediation efforts strive to fortify KiloEx’s infrastructure. The situation remains fluid, with stakeholders closely watching how effectively the project can recover stolen assets and restore user confidence.