KiloEx DeFi exploit drains $7 million, sparking cross-chain security concerns
- Vulnerability exploited through price oracle manipulation.
- Operations paused as KiloEx investigates the breach.
- KILO token market cap dropped from $11M to $7.5M.
The DeFi sector faced another major test this week as KiloEx, a newly launched perpetual trading platform backed by YZi Labs (formerly Binance Labs), suffered a coordinated exploit that drained approximately $7,000,000.
The attack, which took place on 14 April, targeted BNB Smart Chain, Base, and Taiko—three blockchains central to KiloEx’s multi-chain infrastructure.
The incident, coming just weeks after its Token Generation Event on 27 March, disrupted the platform’s early momentum and sent the KILO token into a steep decline.
Exploit spanned three chains
Copy link to sectionBlockchain security firm Cyvers confirmed that the attack originated from a wallet funded via Tornado Cash.
The hacker exploited a vulnerability in KiloEx’s price oracle, a mechanism that determines asset pricing across the trading platform.
🚨7M HACK ALERT🚨Our system has detected multiple suspicious transactions involving @KiloEx_perp across several chains. An address funded via @TornadoCash has executed a series of exploitative transactions on the $BNB, $Base, and $Taiko chains — accumulating approximately $7M in
By manipulating oracle data across BNB Smart Chain, Base, and Taiko, the attacker was able to execute arbitrage trades and extract funds across multiple liquidity pools.
The cross-chain nature of the exploit allowed the attacker to spread operations across networks, making detection and mitigation more difficult.
This incident has renewed scrutiny over the risks associated with decentralised platforms offering multi-chain services without rigorous pre-launch audits.
Operations paused for investigation
Copy link to sectionIn response to the attack, KiloEx suspended all trading activity and issued a statement confirming the breach.
The team is now working on a bug bounty programme to involve white-hat hackers in tracing the stolen assets and uncovering the technical weakness that allowed the exploit.
Though KiloEx has not confirmed when the platform will resume operations, it remains active on social media, promising transparency and ongoing updates.
The company has also not yet disclosed whether affected users will be reimbursed or if further security measures will be implemented.
Token loses a third of value
Copy link to sectionThe KILO token saw a swift selloff following the incident. Its market capitalisation dropped from $11,000,000 to $7,500,000 as investors reacted to the platform’s vulnerability.
Within hours, KILO lost around 30% of its value, with liquidity thinning rapidly on decentralised exchanges.
This sharp decline raises fresh concerns about investor protection in DeFi markets, especially for tokens linked to newly launched projects.
The price action also suggests a significant loss of confidence, at least in the short term, as market participants await clarity from the KiloEx team.
Tracking attacker wallet continues
Copy link to sectionSecurity experts are still monitoring the wallet associated with the exploit, which remains active at the time of writing. On-chain analytics suggest the attacker has yet to fully launder the funds.
Part of the stolen amount was moved in USDC, raising the likelihood that those assets may be blacklisted by Circle, as has been done in similar past incidents.
The breach highlights persistent challenges in securing decentralised platforms that operate across chains. Poor oracle design, especially in systems that rely on real-time price feeds across networks, can create exploitable gaps.
Unless addressed, these weaknesses threaten user trust and the broader credibility of cross-chain DeFi applications.
As the investigation continues, KiloEx’s recovery efforts will be critical in determining whether the platform can rebuild its reputation or be added to the growing list of exploited DeFi projects.
More industry news
