15 April 2025
KiloEx Suffers $7 Million Loss from Oracle Manipulation Attack
KiloEx, a decentralized exchange (DEX) for perpetual futures, suffered an attack resulting in losses of approximately $7 million. The exploit targeted the platform's price oracle system and affected multiple blockchain networks.
- The attacker used a wallet funded through Tornado Cash to execute transactions on Base, BNB Chain, and Taiko networks.
- A vulnerability in KiloEx’s price oracle system allowed manipulation of asset prices.
- The breach led to the suspension of platform operations, with KiloEx collaborating to trace stolen funds and blacklist the attacker's wallet.
- Oracles provide external data to blockchains, but can be vulnerable; in this case, the attacker exploited access control weaknesses to report false prices.
- By reporting an artificially low price for ETH, the attacker created the illusion of significant profits, which were then withdrawn from KiloEx's vault.
- In one transaction, the attacker gained $3.12 million.
- This incident follows previous oracle manipulation attacks on other DeFi platforms like Mango Markets and Cream Finance, resulting in substantial losses.
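The access-control weakness and the phantom profit described in the list above can be seen in a small model. This is an added example, not KiloEx's contract code: the `PriceFeed` class, the reporter allow-list, the 5% per-update deviation bound, and all prices and sizes are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

class Rejected(Exception):
    """Raised when a price update fails one of the feed's guards."""

@dataclass
class PriceFeed:
    # Generic model of a pushed-price oracle; names and thresholds are assumptions.
    price: float
    reporters: set = field(default_factory=set)  # allow-list of trusted updaters
    max_deviation: float = 0.05                  # max relative move per update
    check_auth: bool = True
    check_deviation: bool = True

    def set_price(self, caller: str, new_price: float) -> None:
        if self.check_auth and caller not in self.reporters:
            raise Rejected(f"{caller} is not an authorized reporter")
        if new_price <= 0:
            raise Rejected("non-positive price")
        move = abs(new_price - self.price) / self.price
        if self.check_deviation and move > self.max_deviation:
            raise Rejected(f"move of {move:.0%} exceeds {self.max_deviation:.0%}")
        self.price = new_price

def long_pnl(size_eth: float, entry: float, exit_price: float) -> float:
    """Profit of a long perpetual position, ignoring fees and funding."""
    return size_eth * (exit_price - entry)

def vault_payout(feed: PriceFeed, caller: str, reported: float,
                 real: float, size_eth: float) -> float:
    """What the vault owes if a long is opened at the feed price after
    `caller` reports `reported`, then closed once the real price returns."""
    try:
        feed.set_price(caller, reported)
    except Rejected:
        pass                  # guard held; the feed still shows the real price
    entry = feed.price
    feed.price = real         # a trusted update restores the market price
    return long_pnl(size_eth, entry, real)

def demo() -> dict:
    real = 2000.0             # constructed sample values
    weak = PriceFeed(real, check_auth=False, check_deviation=False)
    hardened = PriceFeed(real, reporters={"keeper"})
    return {"weak": vault_payout(weak, "stranger", 100.0, real, 10.0),
            "hardened": vault_payout(hardened, "stranger", 100.0, real, 10.0)}

if __name__ == "__main__":
    print(demo())
```

The deviation bound is a second layer: it also rejects an implausible update from an authorized reporter, which limits the damage if a reporter key is compromised.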