Dex Kilooex Loses $ 7m in Apparent Oracle Manipulation Attack

The Exploit Unfolded Across Multiple Blockchain Networks and Appeared to Stem From A Vulneragginess in the Platform’s Price Oracle System, Per Blockchain Analysis Firm Cyvers.

An Attacker, using a wallet funced through tornado caash – A Tool that ObsCures Transaction Trails – Executed A Series of Transactions on The Base, Bnb Chain, An and Taiko Networks Tota. Platform’s Price Oracle System, Which Allowed The Attacker to Manipulate Asset Prices.

KiloEx have since confirMed the Breach, Suspended Platform Operations, and Is Now Working with Partners to Trace The Stolen Funds and Blacklist The Attacker’s Wallet.

Oracales are Blockchain-Based Tools that Relay Any Type of Outside Data to A Blockchain, WHERE SMART CONTRACTS USE THAT DATA TO MAKE DECISIONS FOR A Financial Application. That is, the Oracle Tells the Platform Whther Ether (ETH) is a WORTH $ 2,000 OR $ 3,000, Ensuring Trades Happen at Fair Market Prices.

But Oracles can be a weak link. In KiloEx’s Case, The Attacker Exploited A Price Oracle Access Control Vulneracy – Essentally, A Flaw that Let Them Tamper With Data by Using Flash Loans Believing False Prices.

The attacker manipulated the oracle to report an absurdly Low Price for Eth (Say, $ 100) WHEN OPENING A LEVERGED Trading Position. LEVERAGE ALLOWS TRADERS TO BORROW FUNDS TO AMPLIFY their BETS, SO A FAKE PRICE CAN CREATE MASSIVE DISTORATIONS.

This Made It Look Like They Made a Huge Profit, whoy they then withdrew from kiloEx’s vault. The attacker repeated this account, BNB Chain, and Taiko, Exploiting KiloEx’s Cross-Chain Setup to Maximize Gains Before The Platform Could React.

In One Reported Transaction, The Attacker Netted $ 3.12 Million in a Single Move.

This isn’t the first time a defi platform has been hit by by by oracle manipulation. Similar Attacks Have Targeted Platforms Like Mango Markets in 2022, WHERE $ 100 MILLION WAS Stolen, and Cream Finance in 2021, with Losses of $ 130 Million.