KiloEX DEX Hacked by "Price Oracle Exploit" for $7.5 Million
In a shocking turn of events, the decentralized exchange (DEX) KiloEX has fallen victim to a massive hack worth $7.5 million. The attack, which has been described as a 'price oracle exploit,' has left security analysts and users alike wondering how such a sophisticated attack could occur on a platform that was designed to provide greater control over user funds.
KiloEX, which is built on the BNB chain, was funded by Binance Labs as part of its programme to support Binance Coin (BNB) projects. Despite this backing, the DEX was unable to prevent the attack, which has led to widespread concern among users and the broader cryptocurrency community.
The hack was discovered when KiloEX isolated the exploit and suspended its platform. Security analysts have since confirmed that the attacker used an address with funds sourced from Tornado Cash, leading some to believe that North Korean hackers may be behind the attack due to their propensity to use mixers as part of their attacks.
The attacker used MetaMask to transfer the funds but, for reasons unknown, did not target Ethereum, instead focusing on withdrawing stablecoins. The stolen funds sat in separate wallets, with no indication that Tornado Cash was being used to hide the tokens.
Causing Maximum Losses for Users
The KiloEX vault, which was predominantly where users stored their tokens, was the main target of the intruders, causing maximum losses for users. In a surprising move, KiloEX has chosen to reward anyone who helps them retrieve the stolen funds, showcasing its commitment to making things right.
A Novel Approach to Dealing with the Breach
KiloEX has developed a novel approach to dealing with the breach by creating a final report outlining what went wrong. This move is aimed at preventing similar attacks in the future and providing users with transparency and accountability.
Preventing Stolen Money from Entering the Wider Economy
Blacklisting addresses has become the latest strategy for platforms to prevent stolen money from entering the wider economy. KiloEX has shared the attacker's address, allowing other platforms to take proactive measures and prevent further withdrawals of the stolen funds.
History of KiloEX and its Recent Attack
KiloEX has been around since 2023 and recently started expanding its operations, introducing more BNB-based meme tokens for users to exchange. Despite this recent attack, the DEX still boasts a total value of $47.2 million in assets.
The Role of Price Oracles
Price oracles serve as a gateway between the DEX and the external world, fetching the price of tokens such as Bitcoin or Ethereum so the exchange can decide how much money a trader made. In the case of KiloEX, the attacker manipulated the price oracle so that the exchange disproportionately paid out a reward.
The Attack: A Simple yet Devastating Process
Chaofan Shou, co-founder of Fuzzland, believes that the attack was most likely due to a price oracle issue. The lack of verification after the forward is completed made it an easy exploit for anyone who knew how to manipulate the system.
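The two preceding sections describe an oracle whose price feeds settlement and whose updates were not verified. The following Python simulation is an added illustration of that general pattern from a defender's perspective; it is not KiloEX code, not taken from the final report, and does not reproduce the actual incident. The contract-like class names, the keeper address, the thresholds (5% deviation, 60-second staleness) and all prices are constructed for the example.

```python
"""Constructed simulation: a perpetual-DEX settlement read from a price oracle,
shown once with an unchecked update path and once with a verified one.
Nothing here is KiloEX code; names, thresholds and prices are assumptions."""
from dataclasses import dataclass

MAX_DEVIATION_BPS = 500        # assumption: reject pushes more than 5% from the last good price
MAX_STALENESS_SECONDS = 60     # assumption: reject updates carrying an old timestamp


class UnauthorizedUpdater(Exception):
    """Update came from an address that is not an authorised keeper."""


class ImplausiblePrice(Exception):
    """Update is stale or moves the price further than the oracle allows."""


@dataclass
class PriceUpdate:
    price: float
    timestamp: float
    submitter: str      # constructed address string standing in for msg.sender


class UncheckedOracle:
    """Stores whatever price any caller pushes: the pattern that must be avoided."""

    def __init__(self, initial_price: float) -> None:
        self.price = initial_price

    def push(self, update: PriceUpdate) -> None:
        self.price = update.price


class VerifiedOracle:
    """Checks the submitter, the freshness and the plausibility of every update."""

    def __init__(self, initial_price: float, authorized_updaters, now) -> None:
        self.price = initial_price
        self.authorized = set(authorized_updaters)
        self.now = now  # injected clock so the example is deterministic

    def push(self, update: PriceUpdate) -> None:
        if update.submitter not in self.authorized:
            raise UnauthorizedUpdater(update.submitter)
        if self.now() - update.timestamp > MAX_STALENESS_SECONDS:
            raise ImplausiblePrice("stale update")
        deviation_bps = abs(update.price - self.price) / self.price * 10_000
        if deviation_bps > MAX_DEVIATION_BPS:
            raise ImplausiblePrice(f"deviation of {deviation_bps:.0f} bps exceeds bound")
        self.price = update.price


def settle_long(oracle, entry_price: float, size: float) -> float:
    """Profit owed to a long position of `size` units, marked at the oracle price."""
    return (oracle.price - entry_price) * size


def demo() -> dict:
    entry_price, size = 100.0, 10.0
    fixed_now = 1_000_000.0  # constructed clock value

    # Unchecked path: a single push from an arbitrary address sets the mark price,
    # so a position opened at 100 is paid out as if the asset were worth 1000.
    unchecked = UncheckedOracle(100.0)
    unchecked.push(PriceUpdate(1000.0, fixed_now, "0xanyone"))
    inflated_payout = settle_long(unchecked, entry_price, size)

    # Verified path: the same push fails on authorisation, an authorised but
    # implausible jump fails on deviation, and a stale authorised update fails
    # on freshness; only a fresh, bounded update from a keeper is accepted.
    verified = VerifiedOracle(100.0, {"0xkeeper"}, now=lambda: fixed_now)
    rejections = []
    for update in (
        PriceUpdate(1000.0, fixed_now, "0xanyone"),
        PriceUpdate(1000.0, fixed_now, "0xkeeper"),
        PriceUpdate(101.0, fixed_now - 1000, "0xkeeper"),
    ):
        try:
            verified.push(update)
        except (UnauthorizedUpdater, ImplausiblePrice) as exc:
            rejections.append(type(exc).__name__)
    verified.push(PriceUpdate(102.0, fixed_now, "0xkeeper"))  # a 2% move is accepted
    payout = settle_long(verified, entry_price, size)

    return {"inflated_payout": inflated_payout, "rejections": rejections, "payout": payout}


if __name__ == "__main__":
    print(demo())
```

The deviation bound is a circuit breaker, not a substitute for authenticating the update source: it limits how far a single bad update can move settlement, while the authorisation check is what stops untrusted callers from feeding the oracle at all. Monitoring for rejected pushes (the `rejections` list above) is also a cheap detection signal for a feed under pressure.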
A Cautionary Tale for Cryptocurrency Platforms
The KiloEX hack serves as a reminder for cryptocurrency platforms to prioritize security and take proactive measures to prevent similar attacks in the future. The consequences of such attacks can be devastating, but with transparency, accountability, and innovative solutions, it's possible to minimize the damage.