Binance-Backed KiloEx Suffers $7.5M Oracle Exploit, Halts Operations Amid Ongoing Investigation

Van Thanh Le

Apr 17 2025

Attacker Launders Stolen Funds Through Tornado Cash as DEX Offers $750K Bounty

Decentralized exchange KiloEx, a Binance Labs-backed platform operating across the BNB Chain, opBNB, and Manta Network, suspended operations on April 14 following a devastating exploit that drained $7.5 million in digital assets. The breach stemmed from a price oracle vulnerability that allowed an attacker to manipulate asset valuations across KiloEx’s markets and drain liquidity. 

The exchange, which launched in 2023 with financial backing from Binance Labs, confirmed that its team has since contained the exploit and is working with security firms, law enforcement, and other exchanges to recover the stolen funds.

The exploit unfolded through a classic oracle manipulation, where the attacker spoofed Ethereum (ETH) prices by artificially setting the value at $100 when opening positions and later closing them at $10,000. This significant price disparity enabled the withdrawal of large sums of capital across multiple chains. Cybersecurity firm PeckShield identified and confirmed the mechanics of the attack via transaction records on the Base blockchain. According to its analysis, the stolen funds were distributed as follows: $3.3 million drained from the Base blockchain, $3.1 million from opBNB, and another $1 million from Binance Smart Chain (BSC).

The attacker’s wallet, identified as 0x00fac92881556a90fdb19eae9f23640b95b4bcbd, has since become the focus of monitoring and blacklist requests across the DeFi community. KiloEx urged users, platforms, and protocols to proactively block interactions with the address. The DEX has also offered a 10% white hat bounty, equivalent to $750,000, for the return of 90% of the stolen funds. If the perpetrator complies, KiloEx pledged to publicly acknowledge the cooperation, close the case, and refrain from pursuing further legal action.

However, the exchange also issued a direct warning to the attacker, threatening legal exposure and full collaboration with global authorities in the event of non-compliance. "Your identity and activities will be exposed to relevant authorities. We will pursue legal action relentlessly," the team stated. The ultimatum was accompanied by an offer to settle the case privately if the funds are returned within the framework of the bounty program.

The situation has been further complicated by reports that the attacker funneled funds through Tornado Cash, a decentralized crypto mixer that has frequently appeared in major exploit cases and has drawn regulatory scrutiny for its use in obfuscating blockchain transaction trails. The laundering step adds another layer of difficulty for investigators attempting to trace the stolen assets.

KiloEx has not provided a concrete timeline for resuming its services but indicated that a full post-mortem report is currently in preparation. As of now, the technical details behind the oracle manipulation have not been published, though the exchange has pledged to release comprehensive findings soon. The attack underscores persistent security issues within DeFi, particularly for platforms relying on single-source price oracles or insufficiently defended pricing feeds.
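The weakness named above, trusting a single unchecked price, is usually countered by validating every price against independent reference feeds before it is used. The following sketch is an added example, not KiloEx code and not a reconstruction of the unpublished bug; the feed names, thresholds and reference quotes are constructed assumptions, and only the $100 and $10,000 prices come from the report.

```python
from dataclasses import dataclass
from statistics import median

# Assumed policy values, chosen for illustration only.
MAX_DEVIATION_BPS = 200   # reject prices more than 2% away from the reference
MAX_FEED_AGE_S = 60       # ignore reference quotes older than 60 seconds
MIN_FRESH_FEEDS = 2       # require a quorum of independent feeds

@dataclass(frozen=True)
class Quote:
    source: str
    price: float
    timestamp: int  # unix seconds

class PriceRejected(Exception):
    pass

def reference_price(quotes, now):
    """Median of fresh, positive quotes; one bad or stale feed cannot move it alone."""
    fresh = [q.price for q in quotes
             if q.price > 0 and 0 <= now - q.timestamp <= MAX_FEED_AGE_S]
    if len(fresh) < MIN_FRESH_FEEDS:
        raise PriceRejected(f"only {len(fresh)} fresh reference feed(s)")
    return median(fresh)

def validate_price(submitted, quotes, now):
    """Return the submitted price if it is inside the deviation bound, else raise."""
    ref = reference_price(quotes, now)
    deviation_bps = abs(submitted - ref) / ref * 10_000
    if deviation_bps > MAX_DEVIATION_BPS:
        raise PriceRejected(
            f"{submitted} deviates {deviation_bps:.0f} bps from reference {ref}")
    return submitted

def check(submitted, quotes, now):
    """Wrapper returning (accepted, reason) so callers can log rejections."""
    try:
        validate_price(submitted, quotes, now)
        return True, "ok"
    except PriceRejected as exc:
        return False, str(exc)

# Constructed sample data (not from the incident): ETH/USD reference quotes.
NOW = 1_744_600_000
FEEDS = [
    Quote("feed_a", 1620.0, NOW - 5),
    Quote("feed_b", 1625.0, NOW - 12),
    Quote("feed_c", 1618.0, NOW - 300),  # stale, excluded from the median
]
```

With these constructed feeds, both the $100 open price and the $10,000 close price are rejected, and the check fails closed when fewer than two fresh feeds remain.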

The KiloEx exploit is the latest in a string of high-profile oracle manipulation incidents in DeFi. Mango Markets lost $114 million in a similar attack in October 2022, while Venus Protocol saw $100 million drained under comparable circumstances in May of the same year. These recurring vulnerabilities point to the need for more resilient pricing infrastructure in decentralized markets—especially as attackers continue to exploit weak oracle integrations with increasing precision.

KiloEx announced on April 19, 2025 that it has fully recovered the stolen funds from the breach. This quick resolution is particularly impressive, as only 0.38% of stolen assets were typically reclaimed in the first quarter of this year—a drastic drop from 42.09% in the previous quarter.

Key to this success was a white-hat hacker who played a crucial role in retrieving the assets. In recognition of their efforts, KiloEx awarded them a 10% bounty of the recovered funds, emphasizing the value of ethical hacking in the fight against cybercrime.

The news sparked a positive market reaction, with KiloEx’s native token, KILO, jumping 14% in value within 24 hours. As KiloEx moves to formally close the case, it is collaborating closely with judicial authorities and acknowledges the expertise of SlowMist and BliteZer in managing such incidents. 

This recovery comes amid troubling trends in the cryptocurrency world, with CertiK reporting that $1.67 billion in assets were stolen in Q1 2025—a staggering 303% increase from the previous period, largely driven by the $1.45 billion Bybit incident. As security breaches rise, KiloEx’s swift recovery serves as a hopeful beacon for the industry.

This article has been refined and enhanced by ChatGPT.

© 2017 - 2025 COIN360.com. All Rights Reserved.