Decentralized exchange KiloEx says its $7.5 million exploit has been contained

Source: Cointelegraph

Decentralized exchange (DEX) KiloEx has confirmed that it has suspended platform usage and is tracking stolen funds after suffering a $7.5 million exploit.

The KiloEx team said in a statement on X on April 14 that the exploit has been contained and that the platform remains suspended while the investigation is ongoing.

"The KiloEX team has immediately suspended platform usage and is working with security partners to trace the flow of funds," KiloEX stated.

"We are analyzing the attack vector and the affected assets. We are collaborating with ecosystem partners to trace and recover funds as much as possible."

Source: KiloEX

According to KiloEx, a full report on how the exploit unfolded and a bounty program are also being prepared.

In its latest update, the KiloEx team said it is collaborating across "multiple ecosystems" with BNB Chain, Manta Network, and cybersecurity companies Seal-911, SlowMist, and Sherlock.

"Our investigation confirms that the stolen assets are currently being transferred via zkBridge and Meson," KiloEX stated.

"We are urgently engaging with these two protocols to stop ongoing transactions and prevent further losses."

Cybersecurity company PeckShield stated in a post on the X platform on April 14 that the attackers stole a total of $7.5 million, including $3.3 million in Base assets, $3.1 million in opBNB assets, and $1 million in BSC assets.

The company speculated that the root cause may be a "price oracle issue," in which the data that smart contracts use to determine asset prices is manipulated or inaccurate, which makes the contract exploitable.

"Our preliminary analysis of one of the transaction attacks indicates that this is a price oracle issue," PeckShield stated.

Source: PeckShield

"The hacker exploited this vulnerability to create a new position, with an initial ETH/USD price of $100, and then immediately closed the position at a manipulated ETH/USD price of $10,000, profiting $3.12 million in a single transaction."

Chaofan Shou, co-founder of blockchain analysis company Fuzzland, also participated in the discussion, speculating that this attack was likely caused by a price oracle issue.

"Anyone can change Kilo's price oracle. While they verified that the caller must be a trusted forwarder, they did not verify the forwarded caller," Shou stated.

When asked about the complexity of the vulnerability, Shou added that it is a "very simple vulnerability."

Source: Chaofan Shou
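
The access-control gap Shou describes, modeled in Python as an added example (it is not KiloEx's contract code and is not part of the original article). The class, the addresses and the assumption that the forwarder relays requests from any account are all hypothetical and chosen for illustration.

```python
# Added illustration: a simplified model of a trusted-forwarder call path.
# Every name and address below is hypothetical, not KiloEx's contract code.
from dataclasses import dataclass, field

FORWARDER = "0xForwarder"  # constructed address of the trusted forwarder
KEEPER = "0xKeeper"        # constructed address authorised to post prices


class Unauthorized(Exception):
    """Raised when a price update fails an access-control check."""


@dataclass
class Oracle:
    trusted_forwarder: str
    price_setters: set
    check_forwarded_caller: bool  # False models the gap Shou describes
    prices: dict = field(default_factory=dict)

    def set_price(self, msg_sender, forwarded_caller, pair, price):
        # Check 1: the immediate caller must be the trusted forwarder.
        if msg_sender != self.trusted_forwarder:
            raise Unauthorized("caller is not the trusted forwarder")
        # Check 2: the account the forwarder relays for must itself be
        # authorised; the forwarder only vouches for who that account is.
        if self.check_forwarded_caller and forwarded_caller not in self.price_setters:
            raise Unauthorized("forwarded caller may not set prices")
        self.prices[pair] = price


def relay_price_update(oracle, original_caller, pair, price):
    """Model a forwarder that relays any account's request (an assumption).

    Returns True if the oracle accepted the update, False if it rejected it.
    """
    try:
        oracle.set_price(FORWARDER, original_caller, pair, price)
        return True
    except Unauthorized:
        return False


if __name__ == "__main__":
    weak = Oracle(FORWARDER, {KEEPER}, check_forwarded_caller=False)
    hardened = Oracle(FORWARDER, {KEEPER}, check_forwarded_caller=True)
    for name, oracle in (("forwarder-only check", weak), ("hardened", hardened)):
        accepted = relay_price_update(oracle, "0xStranger", "ETH/USD", 100)
        print(f"{name}: unauthorised update accepted = {accepted}")
```

With only the first check in place, the oracle accepts a price from any account that routes its call through the forwarder; the second check restricts updates to the allowlisted setter regardless of the route taken.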

According to data from CoinGecko, this news caused KiloEx's native token Kilo to plummet over 27%, with trading prices dropping to $0.03596. The token is currently down over 78% from its all-time high of $0.1648 set on March 27.

KiloEx was established in 2023, supported by Binance Labs as the main investor and strategic partner.

This attack occurred just after the exchange announced on April 13 a partnership with Dubai-based Web3 venture capital firm DWF Labs, aimed at expanding KiloEx's market influence and accelerating its growth.

On March 25, DWF Labs launched a $250 million liquidity fund aimed at accelerating the development of mid-to-large blockchain projects and promoting the application of Web3 technology in the real world.
