Binance Wallet and YZi Labs-Backed KiloEx Suffers a $7 Million Hack

KiloEx, a newly launched perpetual trading platform backed by YZi Labs (formerly Binance Labs), has suffered a cross-chain exploit resulting in the theft of approximately $7 million. The attack, which began on April 14, is ongoing and has impacted operations across BNB Smart Chain, Base, and Taiko networks.

Hackers Drain $7 Million from KiloEx Using Tornado Cash

Cyvers analysts report that the attacker used a Tornado Cash-funded address to execute a series of coordinated transactions. It exploited potential access control flaws in KiloEx’s price oracle system.On-chain evidence shows rapid fund movements between multiple chains. This raises concerns over systemic vulnerabilities in multi-chain DeFi architecture.

KiloEx launched its Token Generation Event (TGE) on March 27 in partnership with Binance Wallet and PancakeSwap. It’s currently listed on Binance Alpha. 

“Root cause was a potential price oracle access control vulnerability. The attacker is still actively exploiting the system, and USDC may be subject to blacklisting,” wrote Cyvers.

The project was incubated by YZi Labs, an investment and innovation division previously branded as Binance Labs. 

The launch attracted significant attention due to its backing and integration with BNB Smart Chain.

Following the attack, KiloEx has suspended its platform and is collaborating with security partners to investigate the breach and track stolen funds. 

The team has announced plans to launch a bounty program to encourage white hat assistance and recover user assets.

The incident has triggered sharp market reactions. The KILO token plummeted by 30%, with its market capitalization dropping from $11 million to $7.5 million within hours of the attack.

Security teams are actively monitoring the attacker’s wallet addresses. The situation remains fluid as remediation efforts continue and the vulnerability is further assessed.