Decentralized Exchange KiloEx Says $7.5M Exploit Has Been Contained


KiloEx Confirms $7.5M Exploit Contained, Traces Lead to Price Oracle Vulnerability

Decentralized exchange KiloEx has confirmed it suffered a $7.5 million exploit, prompting an immediate shutdown of platform usage and a sweeping investigation involving multiple blockchain ecosystems and cybersecurity firms.




The incident, which took place on April 14, is suspected to have been triggered by a price oracle manipulation, where attackers exploited weaknesses in how asset prices are fed to smart contracts.

In a statement shared via X (formerly Twitter), the KiloEx team stated:


“The team has immediately suspended platform usage and is working with security partners to trace the flow of funds.”


They added that the attack vector is still under review and a bounty program and full post-mortem report are being prepared to ensure transparency and support recovery efforts.


Collaborative Investigation Across Chains

KiloEx said it is collaborating with major ecosystem players, including BNB Chain, Manta Network, and cybersecurity firms such as Seal-911, SlowMist, and Sherlock, to investigate and potentially recover funds. The stolen assets are reportedly being routed through zkBridge and Meson, and efforts are underway to stop further movement of the funds.




“We are urgently attempting to engage with both protocols to halt ongoing transactions and prevent additional losses,” the team said.


Oracle Exploit at the Core

Initial assessments from blockchain security firm PeckShield suggest the exploit involved manipulating the platform’s price oracle, a system that feeds real-world asset prices into smart contracts. According to their analysis, the attacker manipulated the ETH/USD price from 100 to 10,000 within a single transaction, netting over $3.1 million in one exploit alone.


Breakdown of the stolen assets includes:

  • $3.3 million on Base
  • $3.1 million on opBNB
  • $1 million on Binance Smart Chain (BSC)


Chaofan Shou, co-founder of blockchain analytics firm Fuzzland, echoed PeckShield’s findings, stating that the exploit stemmed from a lack of proper caller verification on KiloEx’s price oracle:


“Anyone can change the Kilo’s price oracle. They did verify that the caller shall be a trusted forwarder, though, but didn’t verify the forwarded caller.”


He described it as a “very simple vulnerability,” indicating the flaw could have been easily prevented with more thorough contract verification.
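
The access-control gap Shou describes, sketched as an added example in Solidity (not KiloEx's code and not part of the original article). It assumes an ERC-2771-style forwarder that appends the original signer's address to the relayed calldata; the contract, the function names and the 10% per-update bound are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Illustrative model only: names, layout and the 10% bound are assumptions,
// not KiloEx's contracts.
contract PriceOracleSketch {
    address public immutable trustedForwarder;  // relay allowed to call on behalf of signers
    mapping(address => bool) public isKeeper;   // accounts allowed to set prices
    mapping(bytes32 => uint256) public price;   // e.g. keccak256("ETH/USD") => price

    uint256 public constant MAX_DEVIATION_BPS = 1_000; // assumed bound: 10% per update

    constructor(address forwarder, address keeper) {
        trustedForwarder = forwarder;
        isKeeper[keeper] = true;
    }

    // ERC-2771 convention: the forwarder appends the original signer's
    // 20-byte address to the calldata it relays.
    function _forwardedSender() internal view returns (address signer) {
        if (msg.sender == trustedForwarder && msg.data.length >= 20) {
            signer = address(bytes20(msg.data[msg.data.length - 20:]));
        } else {
            signer = msg.sender;
        }
    }

    // Weak: proves only that the call arrived through the relay. It says
    // nothing about who asked the relay to make the call.
    function setPriceWeak(bytes32 pair, uint256 newPrice) external {
        require(msg.sender == trustedForwarder, "not forwarder");
        price[pair] = newPrice;
    }

    // Hardened: authorize the forwarded caller, then bound the move so a
    // single update cannot take a price from 100 to 10,000.
    function setPrice(bytes32 pair, uint256 newPrice) external {
        require(isKeeper[_forwardedSender()], "caller not keeper");
        uint256 old = price[pair];
        if (old != 0) {
            uint256 diff = newPrice > old ? newPrice - old : old - newPrice;
            require(diff * 10_000 <= old * MAX_DEVIATION_BPS, "price jump too large");
        }
        price[pair] = newPrice;
    }
}
```

The keeper check is only as strong as the forwarder: it must verify each request's signature before appending the signer's address, otherwise the appended address is whatever the requester supplied.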


Market Impact and Community Reaction

The breach sent KiloEx’s native token, KILO, tumbling over 27% to $0.03596, according to CoinGecko. The token has now fallen more than 78% from its all-time high of $0.1648, recorded just weeks earlier on March 27.


The timing of the exploit is particularly unfortunate, as it came just a day after KiloEx announced a new strategic partnership with DWF Labs, a Dubai-based Web3 venture capital firm. The partnership was intended to fuel KiloEx’s market expansion and user base growth.




DWF Labs had recently launched a $250 million Liquid Fund on March 25, aiming to accelerate adoption of blockchain projects and boost Web3 development globally — making the KiloEx incident a sobering moment for both companies.


Backed by Binance Labs

Founded in 2023, KiloEx is backed by Binance Labs, the venture capital arm of Binance, which serves as a lead investor and strategic partner. The exploit adds to a growing list of DeFi protocols targeted by attackers in recent months, once again highlighting the need for robust security audits and decentralized infrastructure design.


As the KiloEx team continues its investigation and begins the recovery process, the crypto community is watching closely to see whether the stolen funds can be retrieved — and how KiloEx will rebuild trust in its platform moving forward.
