May 12, 2025
11 11 11 AM
Latest Post
Bitcoin DeFi Security Improves as Rootstock Boosts Hashrate Share Bitcoin Challenges $105K on Positive Weekend Macro Headlines Lido Proposes a Bold Governance Model to Give stETH Holders a Say in Protocol Decisions State of Crypto: Mapping Out the Senate Stablecoin Bill’s Next Steps Analysis: Coinbase Is Buying Bitcoin, Just Don’t Call It a Treasury Strategy. Dogecoin Surges 10%, Bitcoin Nears $104K Amid Renewed ‘Risk-on’ Sentiment As Meta Said to Mull Tokens, Senator Warren Calls for Blocking Big Tech Stablecoins Bitcoin Miner MARA Stock Surges Despite Earnings Miss as Analysts Applaud Cost Cutting Trump Family Profited $320M on Memecoin Despite 87% Decline Since Day One CoinDesk Weekly Recap: Even ETH Is Up

DEX KiloEx Loses $7M in Apparent Oracle Manipulation Attack

KiloEx, a decentralized exchange (DEX) for trading perpetual futures, was hit by a sophisticated attack earlier Tuesday that left users reeling with losses of around $7 million.

The exploit unfolded across multiple blockchain networks and appeared to stem from a vulnerability in the platform’s price oracle system, per blockchain analysis firm Cyvers.

An attacker, using a wallet funded through Tornado Cash — a tool that obscures transaction trails — executed a series of transactions on the Base, BNB Chain, and Taiko networks to take advantage of a flaw in the platform’s price oracle system, which allowed the attacker to manipulate asset prices.

KiloEx has since confirmed the breach, suspended platform operations, and is now working with partners to trace the stolen funds and blacklist the attacker’s wallet.

Oracles are blockchain-based tools that relay any type of outside data to a blockchain, where smart contracts use that data to make decisions for a financial application. That is, the oracle tells the platform whether ether (ETH) is worth $2,000 or $3,000, ensuring trades happen at fair market prices.

But oracles can be a weak link. In KiloEx’s case, the attacker exploited a price oracle access control vulnerability — essentially, a flaw that let them tamper with data by using flash loans (or temporary liquidity) that tricked the system into believing false prices.

The attacker manipulated the oracle to report an absurdly low price for ETH (say, $100) when opening a leveraged trading position. Leverage allows traders to borrow funds to amplify their bets, so a fake price can create massive distortions.

This made it look like they’d made a huge profit, which they then withdrew from KiloEx’s vault. The attacker repeated this across Base, BNB Chain, and Taiko, exploiting KiloEx’s cross-chain setup to maximize gains before the platform could react.

In one reported transaction, the attacker netted $3.12 million in a single move.

This isn’t the first time a DeFi platform has been hit by oracle manipulation. Similar attacks have targeted platforms like Mango Markets in 2022, where $100 million was stolen, and Cream Finance in 2021, with losses of $130 million.

This post was originally published on this site