Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
The decentralized perpetual futures exchange KiloEx was attacked, involving assets across multiple chains including BNB and Base. According to an analysis by the SlowMist Security Team, the root cause of the incident was the lack of access control checks in KiloEx's top-level contract (MinimalForwarder), which allowed the manipulation of oracle prices. Thanks to the active response from the project team and collaboration with SlowMist and others, all stolen assets were successfully recovered after 3.5 days of effort. Attack method (per SlowMist): Contract Vulnerability. Reported loss: $ 8,440,000.
- chain
- base
- protocol
- KiloEx
- bug_class
- access-control
- date_occurred
- 2025-04-15
- loss_usd
- $8,440,000
- source_id
- sm:kiloex::2025-04-15