KiloEx Suffers $7M Hack Amid Ongoing Cross-Chain Exploit, Token Plummets 30%

**KiloEx Suffers $7 Million Cross-Chain Exploit, Shaking DeFi Community**

KiloEx, a newly launched perpetual trading platform supported by YZi Labs (previously known as Binance Labs), has fallen victim to a devastating $7 million cross-chain exploit. The attack, affecting operations across the BNB Smart Chain, Base, and Taiko networks, was first detected on April 14, 2025, and remains ongoing. As a result, the platform has suspended its services while security teams investigate the breach and work to trace the attackers.

### Hackers Use Tornado Cash to Fund Attack

Blockchain security firm Cyvers reports that the attacker exploited a flaw in KiloEx’s price oracle system, which allowed for unauthorized manipulation across multiple blockchains. The attack was funded via Tornado Cash, a privacy-focused tool that obscures the origin of the funds. According to Cyvers, the root cause of the exploit was a vulnerability in the access control of the price oracle. The attacker continues to exploit the system, moving funds rapidly between chains, which highlights the risks inherent in multi-chain decentralized finance (DeFi) protocols.

“The root cause was a potential price oracle access control vulnerability. The attacker is still actively exploiting the system,” Cyvers stated in an update.

The breach exposes significant weaknesses in multi-chain DeFi architectures, particularly for emerging protocols like KiloEx.

### KiloEx's Promising Launch Turns Into a Nightmare

KiloEx was launched with high expectations following its Token Generation Event (TGE) on March 27, 2025. Backed by Binance Wallet and listed on Binance Alpha, the platform quickly gained attention, thanks in part to its association with YZi Labs, Binance’s newly rebranded innovation arm. The project’s early success was amplified by its support from PancakeSwap and other prominent DeFi players.

However, the exploit has left a trail of devastation. In the wake of the breach, the KILO token plummeted by 30%, and its market capitalization dropped from $11 million to $7.5 million within hours of the attack.

### Platform Suspended as Investigation Progresses

In light of the ongoing breach, KiloEx has paused all operations to contain the damage and collaborate with cybersecurity partners. The platform is working with blockchain security firms, including Seal-911, SlowMist, and Sherlock, to track the stolen funds and assess the full scope of the attack. KiloEx is also investigating the possibility of blacklisting certain USDC assets that may have been involved in the exploit's laundering process.

To mitigate future risks and recover the stolen assets, KiloEx has announced the launch of a white hat bounty program, inviting ethical hackers to assist with security improvements. The incident is rapidly becoming one of the most significant multi-chain exploits to hit the DeFi space in recent months.

### Broader Implications for DeFi Security

The KiloEx exploit raises larger questions about the security of DeFi protocols, particularly those that span multiple blockchain networks. The attack underscores the vulnerabilities in interconnected systems and the pressing need for more rigorous audits and security measures, especially for emerging platforms like KiloEx.

As YZi Labs, the organization behind the project, seeks to respond to this crisis, both security experts and regulatory observers will be closely monitoring its actions. The primary concern will be whether investor confidence in KiloEx—and the broader DeFi space—can be restored following this high-profile breach.