The decentralized exchange landscape faced another wake-up call on April 19, 2025, as Binance Labs-backed KiloEx confirmed a devastating $7.5 million oracle manipulation exploit that forced the platform to halt all operations. The attack, which unfolded across Base, opBNB, and Binance Smart Chain, represents one of the most technically straightforward yet damaging DeFi exploits of the year, exposing persistent weaknesses in how decentralized exchanges handle price data.
The Exploit Mechanics
The attacker executed a textbook oracle manipulation attack, exploiting a vulnerability in KiloEx’s price feed system that allowed them to artificially set Ethereum (ETH) prices at extreme values. According to cybersecurity firm PeckShield, which confirmed the attack mechanics through on-chain analysis, the attacker opened positions with ETH valued at just $100 and subsequently closed them at $10,000. This 100x price disparity enabled the withdrawal of massive sums of capital across multiple blockchain networks.
The stolen funds were distributed across three chains: $3.3 million drained from the Base blockchain, $3.1 million from opBNB, and an additional $1 million from Binance Smart Chain. The attacker’s wallet, identified as 0x00fac92881556a90fdb19eae9f23640b95b4bcbd, became the immediate focus of monitoring and blacklist requests across the DeFi community. Shortly after the exploit, the attacker began funneling funds through Tornado Cash, the decentralized crypto mixer that has appeared in numerous high-profile exploit cases, adding a layer of obfuscation that complicates recovery efforts.
Oracle manipulation attacks are not new to DeFi. KiloEx joins a growing list of platforms that have suffered similar fates, including Mango Markets, which lost $114 million in October 2022, and Venus Protocol, which saw $100 million drained in a comparable attack in May 2022. The recurring nature of these exploits points to a fundamental problem: many DeFi platforms still rely on single-source or inadequately defended pricing feeds.
Affected Systems
KiloEx, which launched in 2023 with financial backing from Binance Labs, operates as a decentralized perpetual exchange across BNB Chain, opBNB, and Manta Network. The platform’s multi-chain architecture, while offering users flexibility and lower fees, also expanded the attack surface. Each chain’s market required separate price feeds, and the exploit targeted the weakest link in that chain of data sources.
Bitcoin was trading at approximately $85,063 on the day of the exploit, with Ethereum at $1,612, according to CoinMarketCap data. The broader market remained relatively stable despite the incident, suggesting that the attack was contained to KiloEx’s specific infrastructure rather than reflecting a systemic pricing failure. However, the timing is notable, coming just days after the far larger $292 million KelpDAO rsETH hack, which has already shaken confidence in DeFi security infrastructure.
The Mitigation Strategy
In response to the attack, KiloEx implemented an emergency shutdown of all platform operations and initiated a multi-pronged recovery effort. The exchange offered a 10% white hat bounty, equivalent to approximately $750,000, for the return of 90% of the stolen funds. The team pledged to publicly acknowledge cooperation and refrain from pursuing legal action if the perpetrator complies.
Simultaneously, KiloEx issued a direct warning to the attacker, threatening full collaboration with global law enforcement agencies and legal exposure. The exchange is working with security firms, law enforcement, and other exchanges to trace and recover the stolen assets. A comprehensive post-mortem report is currently in preparation, though the technical details behind the oracle manipulation have not yet been fully published.
Lessons Learned
The KiloEx exploit reinforces several critical lessons for the DeFi ecosystem. First, oracle security remains a non-negotiable requirement for any platform handling user funds. Single-source price feeds or insufficiently validated pricing mechanisms create an open door for manipulation. Projects must implement multi-source oracle aggregation with deviation thresholds and circuit breakers that automatically halt trading when price data appears anomalous.
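The following is an added illustration of the multi-source aggregation, deviation threshold and circuit breaker described above; it is not KiloEx's code, and the threshold values, source names and sample prices are constructed for the example (KiloEx's real parameters are not public).

```python
from dataclasses import dataclass, field
from statistics import median
from typing import Optional

# Sample thresholds for illustration only (assumed, not KiloEx's real settings).
MAX_DEVIATION_BPS = 200   # reject a source more than 2% away from the median
MAX_JUMP_BPS = 1_000      # halt if the aggregate moves >10% from the last good price
MAX_STALENESS = 60        # seconds after which a report is considered stale
MIN_SOURCES = 2           # minimum number of agreeing fresh sources


@dataclass
class Report:
    source: str
    price: float      # USD per ETH as reported by this feed
    timestamp: int    # unix seconds when the feed published it


@dataclass
class Verdict:
    price: Optional[float]   # aggregated price, or None when trading must halt
    halted: bool
    reason: str
    rejected: list = field(default_factory=list)   # sources dropped and why they matter


def aggregate(reports, now, last_good=None):
    """Median-aggregate several feeds, drop outliers, trip the breaker on anomalies."""
    fresh = [r for r in reports if r.price > 0 and now - r.timestamp <= MAX_STALENESS]
    stale = [r.source for r in reports if r not in fresh]
    if len(fresh) < MIN_SOURCES:
        return Verdict(None, True, "too few fresh sources", stale)
    med = median(r.price for r in fresh)
    # Deviation threshold: any feed far from the cross-feed median is ignored.
    outliers = [r.source for r in fresh
                if abs(r.price - med) * 10_000 / med > MAX_DEVIATION_BPS]
    agreeing = [r.price for r in fresh if r.source not in outliers]
    if len(agreeing) < MIN_SOURCES:
        return Verdict(None, True, "sources disagree beyond deviation threshold",
                       stale + outliers)
    price = median(agreeing)
    # Circuit breaker: a sudden jump versus the last accepted price halts trading
    # instead of letting positions open or close at the anomalous value.
    if last_good is not None and abs(price - last_good) * 10_000 / last_good > MAX_JUMP_BPS:
        return Verdict(None, True, "price jump exceeds circuit breaker", stale + outliers)
    return Verdict(price, False, "ok", stale + outliers)


if __name__ == "__main__":
    now = 1_700_000_000
    feeds = [Report("feed_a", 1612.0, now), Report("feed_b", 1610.0, now),
             Report("manipulated", 100.0, now)]      # constructed sample inputs
    print(aggregate(feeds, now, last_good=1612.0))  # manipulated feed rejected
```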
Second, the attack demonstrates that even well-funded platforms backed by major venture capital firms are not immune to basic security failures. Binance Labs’ investment in KiloEx did not prevent the exploit, suggesting that due diligence processes need to place greater emphasis on infrastructure security alongside market potential.
Third, the use of Tornado Cash for laundering stolen funds continues to be a pattern that complicates recovery. While the mixer has drawn regulatory scrutiny and sanctions, its decentralized nature means it remains accessible to sophisticated attackers.
User Action Required
For users who had funds on KiloEx, the immediate priority is to monitor official communications from the exchange regarding recovery plans and potential fund distributions. More broadly, DeFi users should evaluate the oracle infrastructure of any platform they interact with, preferring those that use established multi-source oracle providers like Chainlink or Pyth Network. Users should also consider limiting exposure to any single DeFi platform and maintaining awareness of the security track record of the protocols they trust with their capital.
Disclaimer: This article is for informational purposes only and does not constitute financial or investment advice. Always conduct your own research before engaging with any DeFi platform.
ETH valued at $100 in one feed and $10,000 in another. 100x price gap and nobody flagged it. KiloEx needed a simple deviation check.
a simple deviation check comparing ETH price across 2 feeds would have caught a 100x spread instantly. this was preventable
ghost toucan chainlink has had deviation thresholds forever. kiloex rolling their own oracle without one is 2021 level negligence
a 100x spread between ETH price feeds and no kill switch. this was a textbook preventable exploit. basic engineering not rocket science
oracle exploits are basically a meme at this point. rip to the guys who didn’t pull out in time. stay safe out there.
This shows why we can’t rely on simple price feeds. The technical side needs to be much tighter if they want people to trust them.
Elena is right on the technical side but the economic design matters too. a 100x price gap should trigger automatic circuit breakers
Elena Petrova tighter price feeds would help but the real fix is multiple independent oracles. single oracle = single point of failure every time
Is the BSC version still paused? I can’t get my funds out right now.