Apr 15, 2025

Binance-Backed KiloEX Halts Operations After $7.5M Oracle Exploit

KiloEX, a decentralized exchange backed by Binance Labs, has suspended all operations following a $7.5 million exploit linked to a price oracle vulnerability. The breach, confirmed on Monday, is the latest in a string of high-profile attacks targeting DeFi platforms through oracle manipulation.

The platform—launched in 2023 on BNB Chain, opBNB, and Manta Network—said it had contained the exploit and is now working with cybersecurity firms to trace the stolen funds. In a statement posted to X, KiloEX identified the attacker’s wallet and urged all users and partner protocols to block it immediately.

To recover losses, the team has offered the attacker immunity in exchange for the return of 90% of the stolen assets. If the offer is ignored, KiloEX says it will pursue legal action and cooperate with law enforcement agencies to unmask the perpetrator.

KiloEX has not provided a timeline for resuming services, leaving thousands of users in limbo as investigations unfold.

Inside the Exploit: Oracle Manipulation Unleashed

The attack appears to stem from a vulnerability in KiloEX’s price oracle system, according to security firm PeckShield. Price oracles provide critical external data—such as ETH or BTC prices—to smart contracts. When these feeds are manipulated, attackers can fabricate arbitrage conditions and siphon funds.

In this case, the hacker allegedly opened Ethereum positions at a falsely low price ($100) and closed them at an inflated price ($10,000)—enabling massive, artificial gains. Blockchain data reveals that the exploit led to the loss of approximately $3.3 million on Base, $3.1 million on opBNB, and $1 million on Binance Smart Chain.

The attacker’s wallet was reportedly funded through Tornado Cash, a controversial mixer tool used to obscure fund origins—raising suspicions that the exploit was premeditated and professionally executed.

A Familiar Threat in DeFi

KiloEX now joins a growing list of DeFi platforms brought down by oracle flaws. In 2022, Mango Markets lost $114 million and Venus Protocol suffered a $100 million breach—both involving manipulated price feeds.

Despite its backing from Binance Labs, KiloEX’s failure to implement multi-source, tamper-resistant oracles exposed it to the same systemic risks that have plagued other DeFi protocols.
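As an added illustration (not KiloEX's code or its fix, whose details the article does not give), the sketch below models the kind of multi-source check referred to above: it takes the median of several feeds, discards outliers, and refuses updates that jump too far from the last accepted price. The source names, the $1,600 reference price, and the thresholds are assumptions constructed for the example.

```python
from statistics import median

# Assumed policy values for this sketch; not taken from KiloEX or any real protocol.
MIN_SOURCES = 3      # quorum of independent feeds that must agree
MAX_SPREAD = 0.02    # a feed must sit within 2% of the median to count
MAX_STEP = 0.10      # accepted price may move at most 10% per update


class PriceRejected(Exception):
    """Raised when no trustworthy price can be derived."""


def aggregate_price(reports, last_accepted):
    """Return a settlement price from several feeds, or raise PriceRejected.

    reports: {source_name: price}; last_accepted: previous accepted price (> 0).
    """
    prices = [p for p in reports.values() if p > 0]
    if len(prices) < MIN_SOURCES:
        raise PriceRejected("too few sources")
    mid = median(prices)
    # Keep only feeds close to the median, so one bad feed is outvoted.
    agreeing = [p for p in prices if abs(p - mid) / mid <= MAX_SPREAD]
    if len(agreeing) < MIN_SOURCES:
        raise PriceRejected("sources disagree")
    price = median(agreeing)
    # Circuit breaker: even unanimous feeds cannot jump the price arbitrarily.
    if abs(price - last_accepted) / last_accepted > MAX_STEP:
        raise PriceRejected("jump exceeds circuit breaker")
    return price


def unguarded_pnl(size_eth, open_price, close_price):
    """Profit on a long position when the contract trusts any price it is given."""
    return size_eth * (close_price - open_price)


if __name__ == "__main__":
    last = 1600.0  # constructed reference price
    # Constructed feeds: one source reports the article's false $100 quote.
    print(aggregate_price({"a": 1600.0, "b": 1601.0, "c": 1599.0, "d": 100.0}, last))
    # The article's $100 open / $10,000 close on 1 ETH with no checks: 9900.0
    print(unguarded_pnl(1, 100.0, 10_000.0))
    try:  # every feed reporting $10,000 still trips the circuit breaker
        aggregate_price({"a": 10_000.0, "b": 10_000.0, "c": 10_000.0}, last)
    except PriceRejected as exc:
        print("rejected:", exc)
```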

The exchange has announced plans to launch a white-hat bounty program and will release a forensic report to improve transparency and encourage community-led investigations.

Quick Facts

  • KiloEX halted operations after a $7.5 million exploit tied to price oracle manipulation.
  • The attacker allegedly manipulated ETH prices, exploiting discrepancies across Base, opBNB, and BSC.
  • 90% return-for-immunity offer issued to the attacker; law enforcement cooperation pending.
  • The breach underscores ongoing security gaps in DeFi oracle architecture and the need for multi-source feeds.

CoinRock Media covers the latest crypto news, delving into the future of money.
