Apr 15, 03:25 PM

KiloEx Decentralized Exchange on BNB Smart Chain Suffers $7.5 Million Oracle Manipulation Hack Exploiting Access Control Vulnerability

KiloEx, a decentralized exchange operating on the BNB Smart Chain, suffered a price oracle manipulation attack in April 2025 resulting in losses estimated between $7 million and $7.5 million. The exploit targeted the exchange's perpetual futures trading platform, leveraging a vulnerability in an unprotected minimal forwarder contract that lacked access controls. This allowed the attacker to manipulate asset prices, opening positions at artificially low prices and closing them at inflated highs to extract profits. The attack affected transactions across multiple chains, including BNB, Base, and Taiko. Security firms such as Cyvers and HalbornSecurity have confirmed the root cause as a price oracle vulnerability combined with access control weaknesses. The attacker reportedly used Tornado Cash to fund the exploit.

#KiloEx #BNB Smart Chain #BNB #Base #Taiko #Cyvers #HalbornSecurity #Tornado Cash

Written with ChatGPT (GPT-4).

Sources

Additional media

Image #1 for story kiloex-decentralized-exchange-on-bnb-smart-chain-suffers-7-5-million-oracle-hack-44316c2f

Image #2 for story kiloex-decentralized-exchange-on-bnb-smart-chain-suffers-7-5-million-oracle-hack-44316c2f