KiloEx, a newly launched perpetual trading platform backed by YZi Labs (formerly Binance Labs), has fallen victim to a massive $7 million cross-chain exploit, affecting operations across the BNB Smart Chain, Base, and Taiko networks.
The exploit, first detected on April 14, remains ongoing, prompting the platform to suspend its services while security teams investigate and pursue the attackers.
Hackers Drain $7M via Tornado Cash-Funded Attack
According to blockchain security firm Cyvers, the attacker leveraged Tornado Cash to fund a wallet that executed a series of coordinated attacks, targeting vulnerabilities in KiloEx’s price oracle system. This flaw allowed unauthorized manipulation across multiple blockchains.
“Root cause was a potential price oracle access control vulnerability. The attacker is still actively exploiting the system,” Cyvers stated in a recent update.
Funds were rapidly moved between chains, highlighting the inherent risks of multi-chain DeFi architecture, especially in emerging protocols.
KiloEx’s Prominent Launch Turned Nightmare
KiloEx launched with high expectations after its Token Generation Event (TGE) on March 27, backed by Binance Wallet and listed on Binance Alpha, with support from PancakeSwap. The project gained traction quickly due to its ties to YZi Labs, Binance’s rebranded innovation arm.
However, this exploit has sent shockwaves through the market. The KILO token plunged by 30%, with its market cap falling from $11 million to $7.5 million within hours of the breach.
Platform Suspended, Investigation Underway
In response, KiloEx has halted all operations and is working with cybersecurity partners to track the attacker’s wallets and assess the full scope of the breach. USDC assets may also face blacklisting due to the exploit’s laundering mechanisms.
The team has announced a forthcoming white hat bounty program to recover stolen assets and improve platform security. Meanwhile, analysts warn this may be one of the most significant multi-chain exploits in recent months.
🚨 Update on the KiloEx Vault Exploit 🚨
We are actively collaborating with BNB Chain, Manta Network, and leading blockchain security partners—including Seal-911, SlowMist, and Sherlock—to investigate the recent KiloEx Vault exploit and trace the stolen assets.
Our joint…
— KiloEx (@KiloEx_perp) April 14, 2025
What’s Next for KiloEx and YZi Labs?
The incident raises broader concerns about DeFi protocol security, especially those operating across multiple blockchain ecosystems. While KiloEx was designed to be a next-gen perpetual platform, this event underscores the fragility of interconnected DeFi systems and the urgency for rigorous audit processes.
Security experts and regulatory observers will be closely watching how YZi Labs, a former Binance division, responds and whether investor confidence can be restored.
Disclaimer: This article is for informational purposes only and does not constitute financial advice. Cryptocurrency investments are volatile and risky. Always conduct your research before making any investment decisions.
