{"id":20629,"date":"2025-04-15T09:50:38","date_gmt":"2025-04-15T09:50:38","guid":{"rendered":"https:\/\/nft.runfyers.com\/index.php\/2025\/04\/15\/hackers-exploited-7-5-million-from-kiloex-vault-dex\/"},"modified":"2025-04-15T09:50:38","modified_gmt":"2025-04-15T09:50:38","slug":"hackers-exploited-7-5-million-from-kiloex-vault-dex","status":"publish","type":"post","link":"https:\/\/nft.runfyers.com\/index.php\/2025\/04\/15\/hackers-exploited-7-5-million-from-kiloex-vault-dex\/","title":{"rendered":"Hackers Exploited $7.5 Million from KiloEx Vault DEX"},"content":{"rendered":"<p><\/p>\n<div>\n<p class=\"css-146c3p1 r-bcqeeo r-1ttztb7 r-qvutc0 r-37j5jr r-a023e6 r-16dba41 r-1adg3ll r-1b5gpbm r-a8ghvy\" dir=\"ltr\"><span class=\"css-1jxf684 r-bcqeeo r-1ttztb7 r-qvutc0 r-poiln3\"><span class=\"css-1jxf684 r-bcqeeo r-1ttztb7 r-qvutc0 r-poiln3 r-a8ghvy\">The crypto community faced another significant blow on April 14, 2025, when KiloEx, a perpetual trading platform backed by YZi Labs (formerly Binance Labs), suffered a devastating hack. The exploit resulted in a loss of approximately $7.5 million across multiple blockchains, exposing vulnerabilities in the platform\u2019s oracle system. 
<\/span><\/span><\/p>\n<h2 class=\"css-146c3p1 r-bcqeeo r-1ttztb7 r-qvutc0 r-37j5jr r-a023e6 r-16dba41 r-1adg3ll r-1b5gpbm r-a8ghvy\" dir=\"ltr\"><span class=\"ez-toc-section\" id=\"The_Hack_That_Exploited_an_%E2%80%9CUnthinkable%E2%80%9D_Flaw\"\/><strong>The Hack That Exploited an \u201cUnthinkable\u201d Flaw<\/strong><span class=\"ez-toc-section-end\"\/><\/h2>\n<p><span class=\"css-1jxf684 r-bcqeeo r-1ttztb7 r-qvutc0 r-poiln3\"><span class=\"css-1jxf684 r-bcqeeo r-1ttztb7 r-qvutc0 r-poiln3 r-a8ghvy\">The KiloEx Vault hack unfolded in the early hours of April 14, 2025, when Web3 security firm Cyvers Alerts detected a series of suspicious transactions across several blockchains, including BNB Smart Chain, Base, and Taiko.<\/span><\/span><\/p>\n<blockquote class=\"twitter-tweet\">\n<p dir=\"ltr\" lang=\"en\">\ud83d\udea87M HACK ALERT\ud83d\udea8Our system has detected multiple suspicious transactions involving <a href=\"https:\/\/twitter.com\/KiloEx_perp?ref_src=twsrc%5Etfw\" data-wpel-link=\"external\" target=\"_blank\" rel=\"nofollow external noopener noreferrer\">@KiloEx_perp<\/a> across several chains.<\/p>\n<p>An address funded via <a href=\"https:\/\/twitter.com\/TornadoCash?ref_src=twsrc%5Etfw\" data-wpel-link=\"external\" target=\"_blank\" rel=\"nofollow external noopener noreferrer\">@TornadoCash<\/a> has executed a series of exploitative transactions on the <a href=\"https:\/\/twitter.com\/search?q=%24BNB&amp;src=ctag&amp;ref_src=twsrc%5Etfw\" data-wpel-link=\"external\" target=\"_blank\" rel=\"nofollow external noopener noreferrer\">$BNB<\/a>, <a href=\"https:\/\/twitter.com\/search?q=%24Base&amp;src=ctag&amp;ref_src=twsrc%5Etfw\" data-wpel-link=\"external\" target=\"_blank\" rel=\"nofollow external noopener noreferrer\">$Base<\/a>, and <a href=\"https:\/\/twitter.com\/search?q=%24Taiko&amp;src=ctag&amp;ref_src=twsrc%5Etfw\" data-wpel-link=\"external\" target=\"_blank\" rel=\"nofollow external noopener noreferrer\">$Taiko<\/a> chains \u2014 accumulating 
approximately $7M in\u2026 <a href=\"https:\/\/t.co\/od4UTsSrXs\" data-wpel-link=\"external\" target=\"_blank\" rel=\"nofollow external noopener noreferrer\">pic.twitter.com\/od4UTsSrXs<\/a><\/p>\n<p>\u2014 \ud83d\udea8 Cyvers Alerts \ud83d\udea8 (@CyversAlerts) <a href=\"https:\/\/twitter.com\/CyversAlerts\/status\/1911867270852227131?ref_src=twsrc%5Etfw\" data-wpel-link=\"external\" target=\"_blank\" rel=\"nofollow external noopener noreferrer\">April 14, 2025<\/a><\/p>\n<\/blockquote>\n<p><span class=\"css-1jxf684 r-bcqeeo r-1ttztb7 r-qvutc0 r-poiln3\"><span class=\"css-1jxf684 r-bcqeeo r-1ttztb7 r-qvutc0 r-poiln3 r-a8ghvy\">The attacker, using a wallet funded through Tornado Cash, exploited a critical flaw in KiloEx\u2019s oracle system, which is responsible for providing accurate asset price data to smart contracts. According to Cyvers, the vulnerability stemmed from an access control issue that allowed the hacker to manipulate asset prices, specifically the ETH\/USD pair. <\/span><\/span><span class=\"css-1jxf684 r-bcqeeo r-1ttztb7 r-qvutc0 r-poiln3\"><span class=\"css-1jxf684 r-bcqeeo r-1ttztb7 r-qvutc0 r-poiln3 r-a8ghvy\">The hacker opened a position with a fabricated ETH\/USD price of just $100, then closed it at an inflated $10,000, pocketing a staggering $3.12 million in a single transaction. 
<\/span><\/span><\/p>\n<p class=\"css-146c3p1 r-bcqeeo r-1ttztb7 r-qvutc0 r-37j5jr r-a023e6 r-16dba41 r-1adg3ll r-1b5gpbm r-a8ghvy\" dir=\"ltr\"><span class=\"css-1jxf684 r-bcqeeo r-1ttztb7 r-qvutc0 r-poiln3\"><span class=\"css-1jxf684 r-bcqeeo r-1ttztb7 r-qvutc0 r-poiln3 r-a8ghvy\"><a href=\"https:\/\/x.com\/peckshield\/status\/1911898560888524962\" data-wpel-link=\"external\" target=\"_blank\" rel=\"nofollow external noopener noreferrer\">PeckShield<\/a> estimated the total losses at $7.5 million, with $3.3 million stolen from Base, $3.1 million from opBNB, and $1 million from BNB Smart Chain.<\/span><\/span><\/p>\n<div id=\"attachment_150849\" style=\"width: 1034px\" class=\"wp-caption alignnone\"><noscript><\/noscript><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-150849\" class=\"lazyload wp-image-150849 size-large\" src=\"https:\/\/nftevening.com\/wp-content\/uploads\/2025\/04\/Screenshot-98-e1744710422127-1024x636.jpg\" alt=\"The Hack That Exploited an &quot;Unthinkable&quot; Flaw\" width=\"1024\" height=\"636\"\/><\/p>\n<p id=\"caption-attachment-150849\" class=\"wp-caption-text\">Example of an ETH transaction from the hacker \u2013 Source: Basescan<\/p>\n<\/div>\n<p class=\"css-146c3p1 r-bcqeeo r-1ttztb7 r-qvutc0 r-37j5jr r-a023e6 r-16dba41 r-1adg3ll r-1b5gpbm r-a8ghvy\" dir=\"ltr\"><span class=\"css-1jxf684 r-bcqeeo r-1ttztb7 r-qvutc0 r-poiln3\"><span class=\"css-1jxf684 r-bcqeeo r-1ttztb7 r-qvutc0 r-poiln3 r-a8ghvy\">Chaofan Shou, co-founder of on-chain analytics platform Fuzzland, explained that the oracle\u2019s access validation mechanism failed to verify the original transaction initiator, despite requiring a \u201ctrusted forwarder.\u201d Therefore, the hacker could access and change the oracle price from the smart contract.\u00a0<\/span><\/span><\/p>\n<p class=\"css-146c3p1 r-bcqeeo r-1ttztb7 r-qvutc0 r-37j5jr r-a023e6 r-16dba41 r-1adg3ll r-1b5gpbm r-a8ghvy\" dir=\"ltr\"><span class=\"css-1jxf684 r-bcqeeo r-1ttztb7 
r-qvutc0 r-poiln3\"><span class=\"css-1jxf684 r-bcqeeo r-1ttztb7 r-qvutc0 r-poiln3 r-a8ghvy\">This oversight has been likened to checking a delivery person\u2019s identity but not the sender\u2019s. It created a severe exploit opportunity that many in the industry had assumed was \u201cunthinkable\u201d for a platform of KiloEx\u2019s caliber.<\/span><\/span><\/p>\n<h2 class=\"css-146c3p1 r-bcqeeo r-1ttztb7 r-qvutc0 r-37j5jr r-a023e6 r-16dba41 r-1adg3ll r-1b5gpbm r-a8ghvy\" dir=\"ltr\"><span class=\"ez-toc-section\" id=\"Swift_Response_from_the_KiloEx_Team\"\/><strong><span class=\"css-1jxf684 r-bcqeeo r-1ttztb7 r-qvutc0 r-poiln3\"><span class=\"css-1jxf684 r-bcqeeo r-1ttztb7 r-qvutc0 r-poiln3 r-b88u0q r-a8ghvy\"><span class=\"css-1jxf684 r-bcqeeo r-1ttztb7 r-qvutc0 r-poiln3 r-a8ghvy\">Swift Response from the KiloEx Team<\/span><\/span><\/span><\/strong><span class=\"ez-toc-section-end\"\/><\/h2>\n<p class=\"css-146c3p1 r-bcqeeo r-1ttztb7 r-qvutc0 r-37j5jr r-a023e6 r-16dba41 r-1adg3ll r-1b5gpbm r-a8ghvy\" dir=\"ltr\"><span class=\"css-1jxf684 r-bcqeeo r-1ttztb7 r-qvutc0 r-poiln3\"><span class=\"css-1jxf684 r-bcqeeo r-1ttztb7 r-qvutc0 r-poiln3 r-a8ghvy\">KiloEx responded promptly to the attack, confirming that its Vault tool had been compromised via the wallet address 0x00fac92881556a90fdb19eae9f23640b95b4bcbd. The team immediately suspended all platform operations to prevent further losses and urged ecosystem partners to blacklist the attacker\u2019s wallet. 
To trace the stolen funds and mitigate damage, KiloEx partnered with BNB Chain, Manta Network, and leading security firms such as Seal-911, SlowMist, and Sherlock.<\/span><\/span><\/p>\n<blockquote class=\"twitter-tweet\">\n<p dir=\"ltr\" lang=\"en\">\ud83d\udea8 Update on the KiloEx Vault Exploit \ud83d\udea8<\/p>\n<p>We are actively collaborating with BNB Chain, Manta Network, and leading blockchain security partners\u2014including Seal-911, SlowMist, and Sherlock\u2014to investigate the recent KiloEx Vault exploit and trace the stolen assets.<\/p>\n<p>Our joint\u2026<\/p>\n<p>\u2014 KiloEx (@KiloEx_perp) <a href=\"https:\/\/twitter.com\/KiloEx_perp\/status\/1911921676167819538?ref_src=twsrc%5Etfw\" data-wpel-link=\"external\" target=\"_blank\" rel=\"nofollow external noopener noreferrer\">April 14, 2025<\/a><\/p>\n<\/blockquote>\n<p class=\"css-146c3p1 r-bcqeeo r-1ttztb7 r-qvutc0 r-37j5jr r-a023e6 r-16dba41 r-1adg3ll r-1b5gpbm r-a8ghvy\" dir=\"ltr\"><span class=\"css-1jxf684 r-bcqeeo r-1ttztb7 r-qvutc0 r-poiln3\"><span class=\"css-1jxf684 r-bcqeeo r-1ttztb7 r-qvutc0 r-poiln3 r-a8ghvy\">The team also revealed that the hacker was using cross-chain tools like zkBridge and Meson to transfer the stolen assets, complicating efforts to freeze the funds. KiloEx reached out to these platforms to halt ongoing transactions and announced plans for a bounty program to incentivize the return of the stolen assets. Additionally, the project committed to releasing a detailed report to ensure transparency with the community, acknowledging the severity of the incident and their responsibility to address it. 
<\/span><\/span><\/p>\n<p class=\"css-146c3p1 r-bcqeeo r-1ttztb7 r-qvutc0 r-37j5jr r-a023e6 r-16dba41 r-1adg3ll r-1b5gpbm r-a8ghvy\" dir=\"ltr\"><span class=\"css-1jxf684 r-bcqeeo r-1ttztb7 r-qvutc0 r-poiln3\"><span class=\"css-1jxf684 r-bcqeeo r-1ttztb7 r-qvutc0 r-poiln3 r-a8ghvy\">Despite these efforts, the use of cross-chain tools by the attacker posed significant challenges to the recovery process, leaving the outcome uncertain.<\/span><\/span><\/p>\n<h2 class=\"css-146c3p1 r-bcqeeo r-1ttztb7 r-qvutc0 r-37j5jr r-a023e6 r-16dba41 r-1adg3ll r-1b5gpbm r-a8ghvy\" dir=\"ltr\"><span class=\"ez-toc-section\" id=\"Severe_Impact_of_KILO_Price_and_Investors\"\/><strong><span class=\"css-1jxf684 r-bcqeeo r-1ttztb7 r-qvutc0 r-poiln3\"><span class=\"css-1jxf684 r-bcqeeo r-1ttztb7 r-qvutc0 r-poiln3 r-b88u0q r-a8ghvy\"><span class=\"css-1jxf684 r-bcqeeo r-1ttztb7 r-qvutc0 r-poiln3 r-a8ghvy\">Severe Impact on $KILO Price and Investors<\/span><\/span><\/span><\/strong><span class=\"ez-toc-section-end\"\/><\/h2>\n<p class=\"css-146c3p1 r-bcqeeo r-1ttztb7 r-qvutc0 r-37j5jr r-a023e6 r-16dba41 r-1adg3ll r-1b5gpbm r-a8ghvy\" dir=\"ltr\"><span class=\"css-1jxf684 r-bcqeeo r-1ttztb7 r-qvutc0 r-poiln3\"><span class=\"css-1jxf684 r-bcqeeo r-1ttztb7 r-qvutc0 r-poiln3 r-a8ghvy\">The fallout from the KiloEx hack was immediate and severe, particularly for the platform\u2019s community and investors. The KiloEx token, <a href=\"https:\/\/nftevening.com\/recommends\/binance-trade\/\" target=\"_blank\" rel=\"noopener noreferrer\" class=\"inline-coin\" data-id=\"kiloex\" data-wpel-link=\"internal\"><span class=\"inline-coin__symbol\">KILO<\/span><span class=\"inline-coin__price\"\/><\/a>, which had launched at a peak price of $0.153 on March 27, 2025, plummeted by 31.9% within 24 hours of the hack, dropping to $0.035. This decline slashed the token\u2019s market capitalization from $11 million to $7.5 million, erasing nearly 78% of its value since launch. 
The sharp drop reflected a significant loss of investor confidence, as many questioned the platform\u2019s security measures and long-term viability.<\/span><\/span><\/p>\n<div id=\"attachment_150864\" style=\"width: 1034px\" class=\"wp-caption alignnone\"><noscript><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-150864\" class=\"size-large wp-image-150864\" src=\"https:\/\/nftevening.com\/wp-content\/uploads\/2025\/04\/KILOUSDT_2025-04-15_16-48-48-1024x635.png\" alt=\"Severe Impact of $KILO Price and Investors\" width=\"1024\" height=\"635\"\/><\/noscript><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-150864\" class=\"lazyload size-large wp-image-150864\" src=\"https:\/\/nftevening.com\/wp-content\/uploads\/2025\/04\/KILOUSDT_2025-04-15_16-48-48-1024x635.png\" alt=\"Severe Impact of $KILO Price and Investors\" width=\"1024\" height=\"635\"\/><\/p>\n<p id=\"caption-attachment-150864\" class=\"wp-caption-text\">Source: TradingView<\/p>\n<\/div>\n<p class=\"css-146c3p1 r-bcqeeo r-1ttztb7 r-qvutc0 r-37j5jr r-a023e6 r-16dba41 r-1adg3ll r-1b5gpbm r-a8ghvy\" dir=\"ltr\"><span class=\"css-1jxf684 r-bcqeeo r-1ttztb7 r-qvutc0 r-poiln3\"><span class=\"css-1jxf684 r-bcqeeo r-1ttztb7 r-qvutc0 r-poiln3 r-a8ghvy\">The broader DeFi community also felt the ripple effects of the incident. Many users expressed frustration and concern,<\/span><\/span>\u00a0<span class=\"css-1jxf684 r-bcqeeo r-1ttztb7 r-qvutc0 r-poiln3 r-a8ghvy\">calling the hack a \u201cwake-up call for DeFi projects to prioritize security.\u201d\u00a0 <\/span><span class=\"css-1jxf684 r-bcqeeo r-1ttztb7 r-qvutc0 r-poiln3 r-a8ghvy\">The use of cross-chain tools by the hacker amplified fears about vulnerabilities in multi-chain architectures, as the stolen funds remained difficult to trace.<\/span><\/p>\n<p>This Vault hack also echoes a similar incident on Hyperliquid, where a whale exploited liquidation to profit $6.2 million in March 2025. 
Both events highlight a growing concern within the DeFi community about the security of vault mechanisms and oracle pricing on decentralized exchanges (DEXs). The KiloEx exploit manipulated ETH\/USD prices, while Hyperliquid\u2019s whale took advantage of the volatile JELLY token, revealing how easily oracles can be gamed to distort asset values. These incidents underscore a broader fear: without robust oracle systems and stricter vault protocols, DEXs remain vulnerable to sophisticated attacks, potentially eroding trust in DeFi\u2019s promise of decentralized security.<\/p>\n<blockquote>\n<p>Read more: <a href=\"https:\/\/nftevening.com\/recap-price-manipulation-hyperliquid\/\" data-wpel-link=\"internal\" target=\"_blank\" rel=\"noopener\">Recap of the Price Manipulation in Hyperliquid<\/a><\/p>\n<\/blockquote>\n<h2 class=\"css-146c3p1 r-bcqeeo r-1ttztb7 r-qvutc0 r-37j5jr r-a023e6 r-16dba41 r-1adg3ll r-1b5gpbm r-a8ghvy\" dir=\"ltr\"><span class=\"ez-toc-section\" id=\"Conclusion\"\/><span class=\"css-1jxf684 r-bcqeeo r-1ttztb7 r-qvutc0 r-poiln3\"><span class=\"css-1jxf684 r-bcqeeo r-1ttztb7 r-qvutc0 r-poiln3 r-b88u0q r-a8ghvy\"><span class=\"css-1jxf684 r-bcqeeo r-1ttztb7 r-qvutc0 r-poiln3 r-a8ghvy\">Conclusion<\/span><\/span><\/span><span class=\"ez-toc-section-end\"\/><\/h2>\n<p dir=\"ltr\">This incident not only damaged KiloEx\u2019s reputation but also raised broader concerns about the security of DeFi platforms, particularly those operating across multiple blockchains. As a result, the event may slow the adoption of similar protocols, with investors likely to approach new projects with increased caution. 
<span class=\"css-1jxf684 r-bcqeeo r-1ttztb7 r-qvutc0 r-poiln3\"><span class=\"css-1jxf684 r-bcqeeo r-1ttztb7 r-qvutc0 r-poiln3 r-a8ghvy\">This event underscores the urgent need for improved security measures, particularly in oracle systems and cross-chain protocols, to protect users and restore confidence in decentralized finance.<\/span><\/span><\/p>\n<\/div>\n<p><script async src=\"\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><br \/>\n<br \/><a href=\"https:\/\/nftevening.com\/kiloex-vault-dex-hack\/?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=kiloex-vault-dex-hack\" target=\"_blank\" rel=\"noopener\">Source link <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The crypto community faced another significant blow on April 14, 2025, when KiloEx, a perpetual trading platform backed by YZi Labs (formerly Binance Labs), suffered a devastating hack. The exploit resulted in a loss of approximately $7.5 million across multiple blockchains, exposing vulnerabilities in the platform\u2019s oracle system. 
The Hack That Exploited an \u201cUnthinkable\u201d Flaw [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":20630,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true},"categories":[9],"tags":[21],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/nftevening.com\/wp-content\/uploads\/2025\/04\/Featured-Image-1280x720-PRPartnered-10-1.jpg","jetpack_sharing_enabled":true,"jetpack_likes_enabled":true,"_links":{"self":[{"href":"https:\/\/nft.runfyers.com\/index.php\/wp-json\/wp\/v2\/posts\/20629"}],"collection":[{"href":"https:\/\/nft.runfyers.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nft.runfyers.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nft.runfyers.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/nft.runfyers.com\/index.php\/wp-json\/wp\/v2\/comments?post=20629"}],"version-history":[{"count":0,"href":"https:\/\/nft.runfyers.com\/index.php\/wp-json\/wp\/v2\/posts\/20629\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/nft.runfyers.com\/index.php\/wp-json\/wp\/v2\/media\/20630"}],"wp:attachment":[{"href":"https:\/\/nft.runfyers.com\/index.php\/wp-json\/wp\/v2\/media?parent=20629"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nft.runfyers.com\/index.php\/wp-json\/wp\/v2\/categories?post=20629"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nft.runfyers.com\/index.php\/wp-json\/wp\/v2\/tags?post=20629"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}