KiloEx, a newly launched perpetual trading platform backed by YZI Labs (formerly Binance Labs), was hit by a cross-chain exploit that resulted in the theft of around $7 million.
The attack, which began on April 14th, is ongoing and affects operations across the BNB Smart Chain, Base and Taiko networks.
Hackers use Tornado Cash to drain $7 million from KiloEx
Cyvers analysts report that the attacker used an address funded through Tornado Cash to perform a series of coordinated transactions, taking advantage of a potential access control flaw in KiloEx's price oracle system.
On-chain evidence shows rapid fund movements across multiple chains. This raises concerns about systemic vulnerabilities in multi-chain DeFi architectures.
KiloEx held its Token Generation Event (TGE) on March 27th in partnership with Binance Wallet and PancakeSwap. It is currently listed on Binance Alpha.
“The root cause was a potential price oracle access control vulnerability. Attackers are still actively exploiting the system, and USDC could be blacklisted,” Cyvers wrote.
The project was incubated by YZI Labs, the investment and innovation division previously branded as Binance Labs.
The launch attracted a lot of attention thanks to this backing and its integration with BNB Smart Chain.
Following the attack, KiloEx has halted its platform and is working with security partners to investigate the breach and track the stolen funds.
The team has announced plans to launch a bounty program to encourage white hats to help recover user assets.
The incident sparked a sharp market response. The KILO token plummeted 30%, with its market capitalization falling from $11 million to $7.5 million within hours of the attack.
The security team is actively monitoring the attacker’s wallet address. As remediation efforts continue and the vulnerabilities are further evaluated, the situation remains fluid.