
The cryptocurrency exchange KiloEx has confirmed that its vault was compromised in a cyberattack which, according to the company, has since been contained. However, the attacker continues to attempt laundering the stolen assets through blockchain bridges such as zkBridge and Meson, potentially complicating efforts to trace the funds and recover the losses.
KiloEx representatives stated that they are urgently coordinating with the developers of the affected bridges to block transactions and prevent further financial damage. The investigation has drawn support from BNB Chain, Manta Network, Seal-911, as well as blockchain security teams SlowMist and Sherlock, both known for their expertise in tracking and analyzing cyber incidents within decentralized ecosystems.
Initial estimates place the total losses at approximately $7.5 million, spread across BNB, Base, and Taiko tokens. Experts have pointed to a vulnerability in the access control system of the price oracle as the root cause of the breach—specifically, a weakness in the top-level contract known as MinimalForwarder.
According to SlowMist, the absence of adequate access control checks in the MinimalForwarder contract allowed the attacker to manipulate the oracle’s operations. These oracles serve as vital bridges between real-world data and blockchain applications, transmitting live market prices and other external inputs. Tampering with them enables malicious actors to distort trading conditions on decentralized platforms.
SlowMist explains the attacker’s methodology: first, they artificially deflated the price of an asset and opened a long position; then, they swiftly inflated the price and cashed in the profits. By exploiting falsified pricing data, the attacker was able to engineer favorable market conditions for their own gain. Analysts at PeckShield, corroborating these findings, cited a striking example in which the ETHUSD price was manipulated from $100 to $10,000, netting the attacker $3.12 million in a single transaction.
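The access-control gap SlowMist describes, as an added illustration that is not KiloEx's code and not the real MinimalForwarder: a hypothetical oracle that accepts price updates only from its forwarder, a forwarder whose execute() is gated to allow-listed keepers, and a per-update deviation bound that would reject a $100 to $10,000 jump outright. Contract names, function names and the 10% threshold are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Illustrative only (not KiloEx's code). The vulnerable shape described in the
// article is GuardedForwarder.execute() with its keeper check removed: anyone
// could then route an updatePrice() call through the trusted forwarder.
contract PriceOracle {
    address public immutable trustedForwarder;
    mapping(bytes32 => uint256) public price;         // keccak256("ETHUSD") => price, 8 decimals
    uint256 public constant MAX_DEVIATION_BPS = 1_000; // assumed bound: 10% per update
    event PriceUpdated(bytes32 indexed asset, uint256 oldPrice, uint256 newPrice);
    constructor(address forwarder) { trustedForwarder = forwarder; }
    // Only the forwarder may push prices; the forwarder in turn relays calls
    // only from allow-listed keepers, so both layers must agree on the caller.
    function updatePrice(bytes32 asset, uint256 newPrice) external {
        require(msg.sender == trustedForwarder, "oracle: untrusted caller");
        uint256 old = price[asset];
        if (old != 0) {
            // Circuit breaker: refuse any single update that moves the price by
            // more than MAX_DEVIATION_BPS; a $100 -> $10,000 step fails here.
            uint256 diff = newPrice > old ? newPrice - old : old - newPrice;
            require(diff * 10_000 <= old * MAX_DEVIATION_BPS, "oracle: deviation too large");
        }
        price[asset] = newPrice;
        emit PriceUpdated(asset, old, newPrice);
    }
}
contract GuardedForwarder {
    address public immutable owner;
    mapping(address => bool) public isKeeper;
    constructor() { owner = msg.sender; }
    function setKeeper(address keeper, bool allowed) external {
        require(msg.sender == owner, "forwarder: not owner");
        isKeeper[keeper] = allowed;
    }
    // The check the article says was absent is the first require below:
    // without it, any address can make the forwarder call the oracle.
    function execute(address target, bytes calldata data) external returns (bytes memory) {
        require(isKeeper[msg.sender], "forwarder: caller is not a keeper");
        (bool ok, bytes memory ret) = target.call(data);
        require(ok, "forwarder: call failed");
        return ret;
    }
}
```

The deviation bound is a second, independent line of defence: even if the forwarder's caller check were bypassed, a single-transaction price swing of the size PeckShield reported could not be written to the oracle.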
KiloEx has announced plans to publish a comprehensive post-mortem report in the coming days and has offered a bounty for information leading to the recovery of stolen funds or the identification of the perpetrator. In doing so, the exchange is placing its trust in the broader community to help mitigate the fallout of the attack.
This incident starkly illustrates the critical importance of rigorous security checks within smart contracts—especially in oracle-dependent components. Even a minor oversight in contract architecture can pave the way for a large-scale breach if protective mechanisms are not diligently implemented.