Share this article
DEX KiloEx Loses $7M in Apparent Oracle Manipulation Attack
KiloEx has suspended operations and is collaborating with partners to trace the stolen funds and blacklist the attacker's wallet.
Updated Apr 15, 2025, 2:57 p.m. Published Apr 15, 2025, 7:00 a.m.
Make us preferred on Google
What to know:
- KiloEx, a decentralized exchange, suffered a $7 million loss due to a sophisticated attack exploiting a vulnerability in its price oracle system.
- The attacker used Tornado Cash to fund a wallet and manipulated asset prices across multiple blockchain networks, including Base, BNB Chain, and Taiko.
- KiloEx has suspended operations and is collaborating with partners to trace the stolen funds and blacklist the attacker's wallet.
KiloEx, a decentralized exchange (DEX) for trading perpetual futures, was hit by a sophisticated attack earlier Tuesday that left users reeling with losses of around $7 million.
The exploit unfolded across multiple blockchain networks and appeared to stem from a vulnerability in the platform’s price oracle system, per blockchain analysis firm Cyvers.
STORY CONTINUES BELOW
Don't miss another story.Subscribe to the Crypto Daybook Americas Newsletter today. See all newsletters
An attacker, using a wallet funded through Tornado Cash — a tool that obscures transaction trails — executed a series of transactions on the Base, BNB Chain, and Taiko networks to take advantage of a flaw in the platform’s price oracle system, which allowed the attacker to manipulate asset prices.
🚨7M HACK ALERT🚨Our system has detected multiple suspicious transactions involving @KiloEx_perp across several chains.
— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) April 14, 2025
An address funded via @TornadoCash has executed a series of exploitative transactions on the $BNB, $Base, and $Taiko chains — accumulating approximately $7M in… pic.twitter.com/od4UTsSrXs
KiloEx has since confirmed the breach, suspended platform operations, and is now working with partners to trace the stolen funds and blacklist the attacker’s wallet.
The DEX offered the hacker 10% of the bounty if they returned 90% of the funds.
Oracles are blockchain-based tools that relay any type of outside data to a blockchain, where smart contracts use that data to make decisions for a financial application. That is, the oracle tells the platform whether ether is worth $2,000 or $3,000, ensuring trades happen at fair market prices.
But oracles can be a weak link. In KiloEx’s case, the attacker exploited a price oracle access control vulnerability — essentially, a flaw that let them tamper with data by using flash loans (or temporary liquidity) that tricked the system into believing false prices.
The attacker manipulated the oracle to report an absurdly low price for ETH (say, $100) when opening a leveraged trading position. Leverage allows traders to borrow funds to amplify their bets, so a fake price can create massive distortions.
This made it look like they’d made a huge profit, which they then withdrew from KiloEx’s vault. The attacker repeated this across Base, BNB Chain, and Taiko, exploiting KiloEx’s cross-chain setup to maximize gains before the platform could react.
In one reported transaction, the attacker netted $3.12 million in a single move.
This isn’t the first time a DeFi platform has been hit by oracle manipulation. Similar attacks have targeted platforms like Mango Markets in 2022, where $100 million was stolen, and Cream Finance in 2021, with losses of $130 million.
More For You
Pudgy Penguins is building a multi-vertical consumer IP platform — combining phygital products, games, NFTs and PENGU to monetize culture at scale.
What to know:
Pudgy Penguins is emerging as one of the strongest NFT-native brands of this cycle, shifting from speculative “digital luxury goods” into a multi-vertical consumer IP platform. Its strategy is to acquire users through mainstream channels first; toys, retail partnerships and viral media, then onboard them into Web3 through games, NFTs and the PENGU token.
The ecosystem now spans phygital products (> $13M retail sales and >1M units sold), games and experiences (Pudgy Party surpassed 500k downloads in two weeks), and a widely distributed token (airdropped to 6M+ wallets). While the market is currently pricing Pudgy at a premium relative to traditional IP peers, sustained success depends on execution across retail expansion, gaming adoption and deeper token utility.
More For You
Bitcoin climbs above $89,000 as U.S. dollar tumbles on President Trump's remarks
The president said he isn't concerned about the dollar's recent declines, sending the greenback plunging even lower.
What to know:
- Bitcoin rallied above $89,000 as remarks by President Trump sent the dollar to its lowest level in nearly four years.
- Gold rose to a new record above $5,200 per ounce following the president's comments.
- One analyst is seeing a bullish technical divergence which could send bitcoin back to $95,000 in short order.
Top Stories
