A decentralized exchange based on BNB Smart Chain, KiloEx has suffered a $7.4 million hack. In a post on late Monday, Cyvers, a blockchain analytical firm reported that the DEX endured a price oracle access control exploit.
According to the blockchain security firm, the hacker gained access to the system, giving them an opportunity to carry out the mischievous act. Cyvers initially indicated that the attack was ongoing as of when it raised the alarm, attracting the attention of KiloEx.
Peckshield in a post attributed the attack to a price oracle issue, revealing that the hacker manipulated the value of ETH/USD In a smart contract. The firm said the bad actor manipulated prices to make an illicit gain of $3.12 million in a single transaction.
Furthermore, Peckshield narrated that the stolen assets include $3.3 million from Base, $3.1 million on opBNB, and $1 million on Binance Smart Chain (BSC). Meanwhile, the latest attack on KiloEx illustrates the growing trend of hacks on DeFi projects.
Within the first quarter of the year, the industry already lost more than $1.6 billion to hackers, with Bybit and Phemex among the high-profile attacks. As revealed, the BNB chain, the host network of KiloEx suffered most of the attack by recording 19 separate cases.
Similarly, Ethereum, during Q1 2025, recorded 15 separate exploits highlighting the increasing cyber attacks in the cryptocurrency space. In March alone, the industry recorded more than 20 cyber hacks that claimed more than $33 million.
How KiloEx responded to the attack
In response, the KiloEx team, while confirming the attack, reached out to some of its protocol and platform partners to stop the bad actor from inflicting more damage. In a separate post on X, KiloEx revealed that it has kick-started the process of tracing and reclaiming the stolen assets.
The decentralized exchange said the hacker moved the funds through zkBridge and Meson. As part of the recovery efforts, the DEX intended to launch a bounty program that would see the hacker return 90% of the funds while keeping 10%.
KiloEx warned the attacker that it has received some key details relating to the traces of the funds, thanks to the support of various cryptocurrency exchanges and enforcement agencies. Consequently, the project team threatened to freeze the assets if the hacker refused to return the funds within 72 hours.
The DEX vowed not to pursue the issue further unless the attacker returns the funds, however, refusal to do the needful will trigger serious consequences. So far, KiloEx stated that it has reached out to some of its ecosystem partners like BNB Chain, Manta Network, SlowMist, Sherlock, and Seal-911 to track the hacker.
Read More: