Author: Stephen Katte, CoinTelegraph; Compiler: Baishui, Golden Finance
Decentralized exchange KiloEX has confirmed that its platform has been suspended due to a $7.5 million attack and is tracking the stolen funds.
In a statement posted to X on April 14, the KiloEX team said that the vulnerability has been contained, the platform has been suspended, and an investigation is ongoing.
KiloEX said: "The team has immediately suspended the use of the platform and is working with security partners to track the flow of funds."
"We are analyzing the attack vector and the affected assets. We are working with ecosystem partners to track and recover funds as much as possible."

KiloEX said that a bounty program and a full report on how the vulnerability occurred are also in preparation.
In the latest news, the KiloEX team said that they are working with BNB Chain, Manta Network, and cybersecurity companies Seal-911, SlowMist and Sherlock to cover "multiple ecosystems."
“Our investigation has confirmed that the stolen assets are currently being routed through zkBridge and Meson,” KiloEX said.
“We are urgently trying to work with both protocols to stop ongoing transactions and prevent further losses.”
KiloEX attacker exploited price oracle issue, analysts say
Cybersecurity firm PeckShield said in an April 14 post to X that the exploiter stole a total of $7.5 million, including $3.3 million in Base, $3.1 million in opBNB, and $1 million in BSC.
The company speculated that the vulnerability was likely a “price oracle issue,” in which the information used by smart contracts to determine asset prices is manipulated or inaccurate, leading to an exploit.
PeckShield said: "Our preliminary analysis of a trading vulnerability indicates that there is a price oracle problem."

"The hacker exploited the vulnerability to create a new ETH/USD position with an initial price of 100, and then immediately closed the position at an inflated price of 10,000 ETH/USD, netting $3.12 million in a single transaction."
Chaofan Shou, co-founder of blockchain analysis company Fuzzland, also commented on the incident. He speculated that the vulnerability was most likely caused by a problem with the price oracle.
“Anyone can change Kilo’s price oracle. They do verify that the caller is a trusted forwarder, but they don’t verify the caller being forwarded,” Shou said.
When a user asked about the complexity of the exploit, Shou added that it was a “very simple vulnerability.”
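The access-control gap Shou describes, modelled as an added Python example (not KiloEX's contract code, which this article does not show): one oracle checks only that the direct caller is the trusted forwarder, the other also checks the account whose call is being forwarded. All class names, addresses and the starting price of 1600 are constructed for illustration.

```python
# Simplified model of a trusted-forwarder access check on a price oracle.
# All class and address names are hypothetical; this is not KiloEX's code.

class Unauthorized(Exception):
    pass

class Forwarder:
    """Relays a call for any user and reports who the original sender was."""
    def __init__(self, address):
        self.address = address

    def relay(self, original_sender, oracle, price):
        # The oracle sees the forwarder as the direct caller.
        oracle.set_price(self.address, original_sender, price)

class WeakOracle:
    """Checks only the direct caller, as described in the quote above."""
    def __init__(self, trusted_forwarder, keepers, price):
        self.trusted_forwarder = trusted_forwarder
        self.keepers = set(keepers)
        self.price = price

    def set_price(self, caller, original_sender, price):
        if caller != self.trusted_forwarder:
            raise Unauthorized("caller is not the trusted forwarder")
        self.price = price  # original_sender is never checked

class HardenedOracle(WeakOracle):
    """Also authorizes the account whose call is being forwarded."""
    def set_price(self, caller, original_sender, price):
        if caller != self.trusted_forwarder:
            raise Unauthorized("caller is not the trusted forwarder")
        if original_sender not in self.keepers:
            raise Unauthorized("forwarded sender is not an authorized keeper")
        self.price = price

def try_update(oracle_cls, sender, new_price):
    """Return (accepted, resulting_price) for an update relayed for `sender`."""
    forwarder = Forwarder("0xFORWARDER")  # constructed address
    oracle = oracle_cls(forwarder.address, ["0xKEEPER"], price=1600)
    try:
        forwarder.relay(sender, oracle, new_price)
        return True, oracle.price
    except Unauthorized:
        return False, oracle.price

if __name__ == "__main__":
    for cls in (WeakOracle, HardenedOracle):
        for sender in ("0xKEEPER", "0xSTRANGER"):
            print(cls.__name__, sender, try_update(cls, sender, 100))
```

In the weak version the forwarder check passes for every relayed call, so it authenticates the relay rather than the account requesting the price change.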

The news caused KiloEX’s native token Kilo to plummet by more than 27%, trading at $0.03596, according to CoinGecko data. Currently, the price is still down more than 78% from its all-time high of $0.1648 on March 27.
KiloEx was founded in 2023 and is backed by Binance Labs, which is its main investor and strategic partner.
The attack came just days after the exchange announced a partnership with Dubai-based Web3 venture capital firm DWF Labs on April 13, which pledged to expand KiloEx’s market share and accelerate its growth.
On March 25, DWF Labs launched a $250 million liquidity fund aimed at accelerating the development of mid- to large-scale blockchain projects and promoting the real-world application of Web3 technologies.