KiloEx DEX Exchange Hacked for $7.5 Million and Its Impact on the Market

Decentralized exchange (DEX) KiloEx, a perpetual futures trading platform backed by YZi Labs (formerly Binance Labs), has been the victim of a cross-chain attack that resulted in a loss of approximately $7.5 million. The incident was first detected by blockchain security platform Cyvers Alerts at 19:30 UTC, and later confirmed by the KiloEx team itself.

4/15/20253 min read

Event Background

On April 14, 2025, the KiloEx decentralized exchange (DEX), a perpetual futures trading platform backed by YZi Labs (formerly Binance Labs), fell victim to a cross-chain attack, resulting in a loss of approximately $7.5 million. The incident was first detected by blockchain security platform Cyvers Alerts at 19:30 UTC, and was later confirmed by the KiloEx team itself. The event sent shockwaves through the decentralized finance (DeFi) community, raising concerns about the security of emerging DeFi protocols.

The attack exploited a vulnerability in the access control mechanism of the price oracle (the part that provides market prices for the protocol). The hacker used this vulnerability to manipulate asset prices, opening a position at a fake ETH/USD price of $100, then closing the position at a price that spiked to $10,000, thereby cashing out a huge profit in a single transaction. The stolen funds were distributed across multiple chains, including $3.3 million on Base, $3.1 million on opBNB, and $1 million on BNB Chain (BSC).

Details of the attack

The hacker used a wallet funded through Tornado Cash – a transaction anonymizer often used by cybercriminals to hide the origin of funds. According to a report from PeckShield, the hacker’s wallet address (0x00fac92881556a90fdb19eae9f23640b95b4bcbd) made a series of suspicious transactions on the Base, Taiko, and BNB Chain chains. The price oracle vulnerability allows hackers to manipulate price data, a common problem in DeFi protocols if not designed with tight security mechanisms.

After discovering the attack, KiloEx immediately suspended the platform and informed the community in an official statement: “We regret to inform you that the KiloEx Vault has been exploited.” The KiloEx team also called on partner protocols and platforms to blacklist the hacker’s wallet to limit the transfer of stolen funds, including the stablecoin USDC, an asset that can be blocked or disabled by issuers (like Circle).

Impact on the market and the KILO token

The hack had a severe impact on KiloEx and the platform's native token, KILO. The token's price plummeted 30.9% in just 24 hours after the attack, down to $0.0353.

Within a week, the value of KILO dropped another 18.6%, and compared to its all-time high of $0.1648 reached in late March 2025, the token has lost more than 78% of its value.

KILO’s market capitalization also dropped from $11 million to $7.5 million in just a few hours. However, the token’s trading volume spiked, suggesting that many investors sold off immediately after the news was announced.

Response from KiloEx and the community

The KiloEx team immediately implemented remedial measures, including suspending all trading operations to prevent further losses.

They also launched a bounty program, encouraging the community to help recover stolen assets, and worked with partners to track the hacker's money.

However, the decentralized finance community expressed deep disappointment and concern. The incident comes amid a surge in similar attacks, with total losses in the cryptocurrency industry hitting a record $1.64 billion in the first quarter of 2025 alone, with decentralized finance protocols suffering major losses across dozens of incidents.

Lessons and prospects

The KiloEx hack is an important warning about security risks in the decentralized finance space, especially with new platforms. One of the big takeaways is the need to protect the price feed system, which is a common vulnerability if not designed carefully.

Protocols need to adopt multi-source or decentralized mechanisms to reduce the risk of manipulation. In addition, thorough audits and security testing before launch are prerequisites to avoid similar incidents. KiloEx, despite being backed by big names and having just held a token launch event in late March 2025, failed to anticipate this vulnerability, leading to serious consequences.

Going forward, how KiloEx handles the crisis will determine its resilience. Steps such as transparency in investigations, user compensation, and security upgrades are necessary to regain the trust of the community. However, this incident also highlights the overall challenge of the decentralized finance industry in ensuring safety against increasingly sophisticated threats.