Decentralized derivatives exchange KiloEx has suspended all platform activity after suffering a $7.5 million exploit, with the team now working alongside major blockchain networks and cybersecurity firms to trace and recover the stolen funds.

Exploit Details and Immediate Response

The breach, discovered on April 14, 2025, saw hackers drain approximately $7.5 million in assets, including funds on Base, opBNB, and BSC, by exploiting a vulnerability in KiloEx’s price oracle system. Security analysts from PeckShield and SlowMist identified the root cause as a lack of proper access control in the platform’s MinimalForwarder contract, which allowed the attacker to manipulate asset prices. The hacker reportedly opened a position with an artificially low ETH/USD price and then closed it at a massively inflated value, netting millions in a single transaction.

Image Source: KiloEx

Upon detecting the exploit, KiloEx immediately suspended all platform operations and began collaborating with BNB Chain, Manta Network, and leading cybersecurity firms Seal-911, SlowMist, and Sherlock to investigate the incident and trace the movement of stolen assets. The team confirmed that the funds are currently being routed through cross-chain bridges zkBridge and Meson, and is urgently working with these protocols to freeze ongoing transactions and prevent further losses.

Community and Industry Response

Image Source: KiloEx

KiloEx has published the attacker’s wallet addresses and called on partner platforms to blacklist them, urging the broader Web3 community to assist in halting the movement of stolen funds. The exchange has also announced plans for a bounty program to incentivize information leading to the recovery of assets, and promised a comprehensive post-mortem report detailing the exploit and future security measures.

The incident has had a significant impact on KiloEX’s native token, $KILO, which plunged over 27% to $0.03596 following the news, down more than 78% from its all-time high in late March.

Broader Context

This exploit comes just days after KiloEx announced a partnership with DWF Labs to expand its market presence, and amid a broader surge in DeFi-related hacks. According to Immunefi, Q1 2025 has already seen $1.64 billion stolen from crypto platforms, making it the worst quarter on record for such incidents.

KiloEx has assured users that it will provide regular updates as the investigation progresses and is committed to transparency throughout the recovery process. The team’s immediate focus remains on tracing the stolen funds, collaborating with ecosystem partners, and implementing enhanced security protocols to prevent future incidents.