KiloEx, a multi-chain perpetual protocol deployed on BNB, Base, opBNB, and Manta, was hacked for $7.4m.
On April 14, 2025, at 18:53 UTC, the attack occurred on the Base chain, draining $3.4m from the KiloEx vault. The attacker followed a similar pattern on the other chains as well. This analysis covers the hack details, how it happened, the attack flow, and the funds lost.
The attacker, 0x00fac92881556a90fdb19eae9f23640b95b4bcbd, was funded through Tornado Cash on April 13, 2025 at 11:32 pm UTC in the following transaction: https://etherscan.io/tx/0xa0fa4ab8ded0c07085d244e1981919b440f78b609e1cf8d7f8ee32d358dfdf46
Initially, the attacker called the execute function of the MinimalForwarderContract (0x3274b668aed85479e2a8511e74d7db7240ebe7c8). This contract accepts caller-supplied input without proper validation. Hence, the attacker provided a fabricated signature together with the from address 0x551f3110f12c763d1611d5a63b5f015d1c1a954c, which is another wallet controlled by the attacker.
This fabricated signature allowed the attacker to change the price of ETH.
The attacker first set the price of ETH to $100 and then opened an ETH long on the platform.
Once the position was opened, the attacker changed the price of ETH again, to $10000, profiting from the leveraged position.
Opening the Long Position on ETH - executeIncreasePosition
Closing the Long Position on ETH - executeDecreasePosition
Three addresses are involved in the attack, as reported by the KiloEx team, and are the following:
0x551f3110f12c763d1611d5a63b5f015d1c1a954c
0x00fac92881556a90fdb19eae9f23640b95b4bcbd
0xd43b395efad4877e94e06b980f4ed05367484bf3
All the funds are currently held by the above three addresses. The funds were routed through zkBridge, deBridge, and Meson.
The root cause of the attack on KiloEx was a lack of validation checks in the user-facing contract. MinimalForwarderContract is a crucial part of the whole protocol: it lets a caller set any from address when calling it, and this missing validation had a cascading effect that caused damage to the vault.
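The bug class described above, shown as an added illustration that is not KiloEx's code and does not reproduce its actual contract: a hypothetical ERC-2771 style forwarder whose execute function appends the caller-supplied from address to the forwarded calldata without proving that from signed the request, placed beside a hardened version that requires an EIP-712 signature recovering to from and a matching nonce before forwarding. The contract and struct names (UncheckedForwarder, VerifiedForwarder, ForwardRequest), the domain name and version, and the recipient behaviour described in the comments are assumptions for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added, hypothetical example (not KiloEx's contract). A recipient built on the
// ERC-2771 pattern treats the last 20 bytes of calldata as _msgSender() when the
// call comes from its trusted forwarder, so the forwarder's signature check is the
// only thing that ties the claimed `from` to a real signer.
struct ForwardRequest {
    address from;
    address to;
    uint256 value;
    uint256 gas;
    uint256 nonce;
    bytes data;
}

/// Vulnerable: `from` is taken from the caller and the signature is never checked,
/// so any caller can make the recipient see any address as the sender.
contract UncheckedForwarder {
    function execute(ForwardRequest calldata req, bytes calldata /* signature ignored */)
        external payable returns (bool ok, bytes memory ret)
    {
        (ok, ret) = req.to.call{gas: req.gas, value: req.value}(
            abi.encodePacked(req.data, req.from)
        );
    }
}

/// Hardened: the EIP-712 typed-data signature must recover to req.from and the
/// nonce must match, and the nonce is consumed so a request cannot be replayed.
contract VerifiedForwarder {
    bytes32 private constant _TYPEHASH = keccak256(
        "ForwardRequest(address from,address to,uint256 value,uint256 gas,uint256 nonce,bytes data)"
    );
    bytes32 private immutable _DOMAIN_SEPARATOR;
    mapping(address => uint256) private _nonces;

    constructor() {
        // Placeholder domain name/version; a real deployment uses its own.
        _DOMAIN_SEPARATOR = keccak256(abi.encode(
            keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)"),
            keccak256("VerifiedForwarder"),
            keccak256("1"),
            block.chainid,
            address(this)
        ));
    }

    function getNonce(address from) external view returns (uint256) {
        return _nonces[from];
    }

    function verify(ForwardRequest calldata req, bytes calldata sig) public view returns (bool) {
        if (sig.length != 65) return false;
        bytes32 structHash = keccak256(abi.encode(
            _TYPEHASH, req.from, req.to, req.value, req.gas, req.nonce, keccak256(req.data)
        ));
        bytes32 digest = keccak256(abi.encodePacked("\x19\x01", _DOMAIN_SEPARATOR, structHash));
        (bytes32 r, bytes32 s, uint8 v) = _split(sig);
        // Reject malleable high-s signatures (EIP-2) and out-of-range v values.
        if (uint256(s) > 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0) return false;
        if (v != 27 && v != 28) return false;
        address signer = ecrecover(digest, v, r, s);
        // ecrecover returns address(0) on failure; never accept that as a match.
        return signer != address(0) && signer == req.from && _nonces[req.from] == req.nonce;
    }

    function execute(ForwardRequest calldata req, bytes calldata sig)
        external payable returns (bool ok, bytes memory ret)
    {
        require(verify(req, sig), "forwarder: signature does not match request");
        _nonces[req.from] = req.nonce + 1; // consume the nonce before the external call
        (ok, ret) = req.to.call{gas: req.gas, value: req.value}(
            abi.encodePacked(req.data, req.from)
        );
    }

    function _split(bytes calldata sig) private pure returns (bytes32 r, bytes32 s, uint8 v) {
        r = bytes32(sig[0:32]);
        s = bytes32(sig[32:64]);
        v = uint8(sig[64]);
    }
}
```

The difference between the two execute functions is the single require on verify: without it, the forwarded `from` is whatever the caller typed, and every downstream check of the form "only this address may set prices" is satisfied by anyone. A recipient should additionally accept appended-sender calldata only from a forwarder address it explicitly trusts, so that a direct call cannot smuggle a sender suffix past the check.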
KiloEx is a pool-based perpetual DEX in which traders trade against the LPs. In this case, the LPs have lost their funds.
Similar attack vectors have been used many times before. In this case, a simple validation check could have saved the protocol's vault. The use of a leveraged position also amplified the attack. Moreover, security audits play a major role in preventing such situations.
The attacker took advantage of the lack of validation and access control in the user-facing contract and the platform dynamics.
The price manipulation attack, combined with leverage, caused damage to the protocol vault. The attack led to the loss of $7.4m from the KiloEx vault across major chains including opBNB, Base, BSC, and Manta.
These kinds of attacks occur frequently in the crypto space, and they require immediate attention. One way to provide that attention is a robust audit process. A great audit process is a mixture of great auditors, a layered approach to testing, and clear communication. At Quill Audits, we make sure that happens using our 7+ years of experience and talented team.