KiloEx Hack

On April 15, 2025, KiloEx, a decentralized exchange (DEX) focused on perpetual futures trading, was exploited through a sophisticated attack that targeted a vulnerability in its price oracle system, leading to $7 million in user losses. The attacker used a wallet funded via Tornado Cash and executed cross-chain transactions on Base, BNB Chain, and Taiko to manipulate asset prices fed into KiloEx’s smart contracts. This exploit once again highlighted the security risks tied to oracles in decentralized finance (DeFi), which serve as critical links between off-chain data and on-chain decision-making.

Remarkably, by April 18, KiloEx announced that all stolen funds had been recovered—an uncommon outcome in the DeFi space—thanks to swift coordination with the community and assistance from white hat hackers. In recognition of their efforts, KiloEx issued a 10% bounty and engaged legal authorities and third-party experts, including SlowMist and Blitezero, to finalize the recovery process. News of the fund recovery boosted confidence, causing KILO, the exchange’s native token, to spike 14% within a 24-hour period.

Despite this successful resolution, the incident serves as a stark reminder of DeFi’s fragility. In Q1 2025 alone, the crypto industry saw $1.67 billion in thefts, with only 0.38% recovered. KiloEx’s experience reinforces the critical need for hardened oracle infrastructure, better pre-deployment testing, and collaborative incident response mechanisms.