KiloEx DEX Suffers $7 Million Loss from Oracle Attack

KiloEx, a decentralized exchange, has temporarily halted operations after falling victim to a $7M hack due to a flaw in its price oracle system.

KiloEx has temporarily halted its operations following a significant breach by malicious actors.

What to know:

  • KiloEx, a decentralized exchange, has reported a staggering $7 million loss from an attack that exploited vulnerabilities in its price oracle.
  • The attacker used Tornado Cash to obscure their transactions while manipulating asset prices across several blockchain platforms, including Base, BNB Chain, and Taiko.
  • In response, KiloEx has suspended its services and is working with relevant partners to recover the stolen funds and blacklist the perpetrator’s wallet.

KiloEx, which focuses on perpetual futures trading, took immediate action to limit the damage from this sophisticated breach. Reports indicate that the attack unfolded on multiple blockchain networks and point to a vulnerability in the platform’s price oracle system, as identified by blockchain analysis firm Cyvers.

An attacker whose wallet was funded through Tornado Cash (a tool designed to conceal transaction trails) executed transactions that exploited the oracle’s weaknesses, enabling price manipulation across different digital currencies.

🚨7M HACK ALERT🚨 Our system has detected numerous suspicious transactions involving @KiloEx_perp across various chains. A wallet funded through @TornadoCash has conducted manipulative transactions on the $BNB, $Base, and $Taiko chains — accumulating approximately $7M in… pic.twitter.com/od4UTsSrXs
— 🚨 Cyvers Alerts 🚨 (Tweet)

KiloEx has confirmed the breach and the temporary suspension of its operations while it works with partners to track and recover the stolen assets. In a peculiar twist, the DEX even offered the attacker a deal: a 10% reward if they returned 90% of the stolen funds.

Oracles are critical data feeds for blockchains, supplying the outside information that smart contracts need to make decisions. They are also a point of attack. In KiloEx’s incident, the attacker manipulated price data through a flaw in how the oracle could be accessed, taking advantage of flash loans to mislead the system into reporting false price values.

For example, the oracle was misled into reporting an erroneously low value for ETH, which allowed immense profits to be withdrawn from the exchange’s vault.

One transaction reportedly netted $3.12 million for the attacker in a single action.
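
The oracle weakness described above can be illustrated with a toy model; this is an added example, not KiloEx's code, and it compares an oracle that accepts any price from any caller with one that enforces an updater allowlist and a per-update deviation bound. The class, the function names, the prices, the position size and the 5% threshold are all assumptions chosen for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

class RejectedUpdate(Exception):
    """A price update failed the oracle's checks."""

@dataclass
class PriceOracle:
    # Toy model. Names and thresholds are assumptions, not KiloEx code.
    updaters: Optional[set] = None         # None = anyone may push a price (weak)
    max_deviation: Optional[float] = None  # None = no bound on a single move (weak)
    prices: dict = field(default_factory=dict)

    def set_price(self, sender, asset, price):
        if self.updaters is not None and sender not in self.updaters:
            raise RejectedUpdate(f"{sender} is not an authorized updater")
        last = self.prices.get(asset)
        if (self.max_deviation is not None and last is not None
                and abs(price - last) / last > self.max_deviation):
            raise RejectedUpdate(f"{asset} moved more than {self.max_deviation:.0%}")
        self.prices[asset] = price

def vault_exposure(oracle, sender, market=2000.0, reported=100.0, size_eth=1000.0):
    """Payout a vault would owe if a position of size_eth were priced at a
    falsely low ETH value and later settled at the market price (assumed model).
    Returns 0.0 when the oracle rejects the false price."""
    oracle.prices["ETH"] = market                # constructed starting price
    try:
        oracle.set_price(sender, "ETH", reported)
    except RejectedUpdate:
        return 0.0
    return size_eth * (market - oracle.prices["ETH"])

def compare():
    weak = PriceOracle()
    hardened = PriceOracle(updaters={"keeper"}, max_deviation=0.05)
    return {
        "weak": vault_exposure(weak, "unknown-caller"),
        "hardened, unknown caller": vault_exposure(hardened, "unknown-caller"),
        "hardened, keeper sends outlier": vault_exposure(hardened, "keeper"),
    }

if __name__ == "__main__":
    for case, loss in compare().items():
        print(f"{case}: vault exposure ${loss:,.0f}")
```

The deviation bound matters even with the allowlist in place, because it also rejects an outlier price submitted by an authorized updater.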

This incident echoes previous security breaches in DeFi, particularly similar oracle manipulation attacks that caused hefty losses at platforms such as Mango Markets, which lost $100 million in 2022, and Cream Finance, which faced $130 million in damages in 2021.
