Decentralized crypto exchange KiloEx loses $7.5M in exploit


Another so-called decentralized crypto platform has suffered an exploit, resulting in millions of dollars in losses.


KiloEx confirmed that its vault has been exploited, claiming that the exploit is now contained. However, the attacker is now trying to move funds via so-called blockchain bridges such as zkBridge and Meson.

"We are urgently attempting to engage with both protocols to halt ongoing transactions and prevent additional losses," the exchange said, adding their team is collaborating with BNB Chain, Manta Network, Seal-911, SlowMist, and Sherlock in an attempt to investigate the exploit and trace the stolen assets.

Crypto security analysts estimate that KiloEx has lost $7.5 million worth of BNB, Base, and Taiko tokens. Multiple analysts point to a price oracle access control vulnerability as the cause of the exploit.


"The root cause of the [KiloEx] exploit is the lack of access control checks in the top-level contract (MinimalForwarder), which leads to the manipulation of oracle prices," SlowMist said.

Oracles are programs that feed "real-world" (off-chain) information, such as asset prices, from a source to smart contracts on a blockchain.

The analysts stressed that the vulnerabilities in the MinimalForwarder contract allow tampering with prices. As a result, according to SlowMist, the attacker was able to set the price to a very low value and use it to open a trading position that bets on a price increase. The criminal then artificially raised the price and immediately closed the position for a profit.

PeckShield also shared their initial analysis, pointing to the price oracle issue.


"And the hacker exploits it to create a new position with initial given ETHUSD price of 100 and then immediately closes the position with INFLATED ETHUSD price of 10000, netting the $3.12m profit in one single [transaction]," they explained.
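To make the mechanism described by SlowMist and PeckShield concrete, here is an added toy simulation (written for this article, not KiloEx's, SlowMist's or PeckShield's code): an oracle whose price update path either has no caller check, or requires an allowlisted keeper plus a per-update deviation bound. Replaying the open-at-100, close-at-10000 sequence shows the unchecked vault paying out while the hardened oracle rejects the first unauthorized update. The keeper address, the starting price, the 10% bound and the position size are assumptions.

```python
from dataclasses import dataclass, field

# Constructed simulation (not KiloEx's code): a perpetual-style vault that
# values positions at whatever price the on-chain oracle currently reports.
class Unauthorized(Exception): pass
class PriceDeviation(Exception): pass

@dataclass
class Oracle:
    price: float
    keepers: set = field(default_factory=set)  # addresses allowed to push prices
    hardened: bool = True   # False reproduces an update path with no checks
    max_move: float = 0.10  # assumed bound: reject single updates moving price >10%

    def set_price(self, caller: str, new_price: float) -> None:
        if self.hardened:
            if caller not in self.keepers:
                raise Unauthorized(f"{caller} is not an allowed keeper")
            if abs(new_price - self.price) / self.price > self.max_move:
                raise PriceDeviation(f"{self.price} -> {new_price} exceeds bound")
        self.price = new_price

@dataclass
class Vault:
    oracle: Oracle
    positions: dict = field(default_factory=dict)  # trader -> (size, entry price)

    def open_long(self, trader: str, size: float) -> None:
        self.positions[trader] = (size, self.oracle.price)

    def close_long(self, trader: str) -> float:
        size, entry = self.positions.pop(trader)
        return size * (self.oracle.price - entry)  # PnL paid out of the vault

def run_scenario(hardened: bool) -> float:
    """Replay the described sequence; return what the vault pays the caller."""
    oracle = Oracle(price=2000.0, keepers={"keeper"}, hardened=hardened)
    vault = Vault(oracle)
    try:
        oracle.set_price("attacker", 100.0)    # unauthorized: push price down
        vault.open_long("attacker", size=1.0)  # long opened at the low price
        oracle.set_price("attacker", 10000.0)  # unauthorized: push price up
        return vault.close_long("attacker")    # close at the inflated price
    except (Unauthorized, PriceDeviation) as err:
        print(f"rejected: {err}")
        return 0.0

if __name__ == "__main__":
    print("unchecked oracle pays out:", run_scenario(hardened=False))  # 9900.0
    print("hardened oracle pays out: ", run_scenario(hardened=True))   # 0.0
```

In practice the deviation bound is a second line of defence only; the primary fix is that the price-setting path, including any forwarder in front of it, verifies the caller before touching oracle state.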

Meanwhile, KiloEx said it’ll share a full report about the incident in the coming days. A bounty program has also been promised.