KiloEX DEX hacked through oracle exploit, losses rise to $7M

KiloEX, a perpetual futures DEX, showed unusual activity pointing to a possible hack. Investigators estimate an initial loss of over $6M. 

KiloEX, one of the emerging perpetual futures DEXs, was exploited, with losses reaching $6M based on initial estimations. Investigator Chaofan Shou first noticed the exploit. 

The estimation is that an attacker gained control of price oracles, leading to drained liquidity from altered price information. Within the first hour after the hack, Shou discovered that KiloEX suffered from a total vulnerability, where anyone could set up the price oracle to any value. 

.@KiloEx_perp is hacked. $6M+ loss already. Likely due to price oracle access control issues. pic.twitter.com/4jpQJZYLys

— Chaofan Shou (svm/acc) (@shoucccc) April 14, 2025

Cyvers Alerts also started tracking the exploit, and estimated that the losses quickly expanded to $7M. This time, the attack is multi-chain, affecting tokens on BNB Smart Chain, Base, and Taiko. The investigators pointed out that multiple tokens were affected, and the attack was still ongoing. 

The initial address of the hacker was funded by Tornado Cash, leading to suggestions the exploit may be the work of DPRK hackers. The hacker used MetaMask for transfers and bridging to other chains in order to target KiloEX, which operates on BNB Smart Chain and Manta Network.

During the exploit, the hackers did not target the Ethereum chain, instead, they ended up with stablecoins on other networks. An hour after the hack, most of the haul sat in known large wallets, with no signs of splitting or transfers to Tornado Cash. 

Some of the withdrawals affected USDC and USDT, as on-chain investigators are now attempting to freeze the tokens. The trackers have already flagged a destination address on BNB Smart Chain, carrying over $3.1M USDT. 

Following the exploit, the KILO native token crashed, further erasing value. KILO lost nearly 17% of its value, sinking from $0.049 to $0.040. 

Hackers are targeting DeFi projects once again, after the GMX exploit at the end of March. Smart contract vulnerabilities and price determination may allow hackers to withdraw valuable assets. The project’s liquidity is provided by users seeking passive returns, making the exploit even more harmful for end users. 

KiloEX grew its activity just before the hack

KiloEX has been around since the 2023 bear market, spending most of its time in building and expanding its presence. In the past quarter, KiloEX increased its influence, volumes and value locked. Just before the hack, the DEX announced a liquidity boost event to trade some of the hottest BNB Smart Chain meme tokens. 

The DEX now carries $47.2M in total value, remaining a potentially valuable target for hackers to drain multiple pools. 

KiloEX doubled its volumes in the past day, carrying over $31.8M in activity. Over $22M of that volume is in the BTC/USDT perpetual futures pair, with a small selection of tokens on several chains. 

One of the sources of activity for KiloEX was its airdrop farming program. The DEX offered perpetual futures trading with up to 100X leverage. Current users complained that the hack erased the value earned from airdrops. 

I've been farming @KiloEx_perp for a year

Believed and invested in it because I love their concept so much

Spent about 500k dollars working on it to what?

My 65k dollars drop was stolen so there was nothing at all?

It's just another disappointment…. pic.twitter.com/xtY8H91xNE

— ben.sol 🧩 (@elailegion) April 14, 2025

KiloEX expanded its activity at a time when perpetual DEX were drawing in more users. The volatile BTC market and the ability for high-leverage trading led to increased demand for perpetual DEX. KiloEX also settles all trades on-chain, meaning the exploiter could lock in gains immediately, but it has no ability to lock withdrawals. KiloEX is a no-KYC exchange, offering completely anonymous access to its trading pairs. 

KiloEX aimed to become a competitor to Hyperliquid and GMX, with up to 100X leverage on BTC, ETH, and BNB. The KiloEX DEX operates on a smaller scale, but it aims to copy the successful model. KiloEX raised just $750k through a mix of launchpool sales, IDO, and a strategic funding round. The project received support from YZi Labs and Manta Network, tapping the growing activity on BNB Smart Chain.

Cryptopolitan Academy: Coming Soon - A New Way to Earn Passive Income with DeFi in 2025. Learn More