# KiloEx Exploit Analysis: From Breach to Recovery


## Summary

On April 15, 2025, [**KiloEx**](https://www.kiloex.io/)—a decentralized perpetual trading platform operating on BSC, opBNB, Base, and Manta Pacific—was exploited due to a critical smart contract vulnerability, resulting in a loss of approximately $8.4 million. Security firms, including [SlowMist, swiftly responded to assist the KiloEx team](https://x.com/SlowMist_Team/status/1911991384254402737) in investigating the incident and initiating contact with the attacker.

### What is KiloEx?

[KiloEx](https://www.kiloex.io/) is a decentralized exchange designed for perpetual contract trading, optimized for high-speed and low-fee environments on L2 networks. Integrated with chains like opBNB and Base, it offers gas-efficient leverage trading for retail and institutional users alike.

[KiloEx, with the help of SlowMist, initiated negotiations with the exploiter.](https://x.com/SlowMist_Team/status/1913184062656909646) On April 18, following a collaborative effort with security partners, the protocol successfully recovered 90% of the stolen funds by offering a white hat bounty to the exploiter, bringing partial resolution to a multi-chain exploit that could have had far worse consequences.

<figure><img src="/files/MpizwJSoQaW2WSgt3YBI" alt=""><figcaption><p><a href="https://x.com/KiloEx_perp/status/1913168299292328115"><strong>Tweet from KiloEx post-recovery.</strong></a></p></figcaption></figure>

### Relevant addresses

Main Exploiter: `0x00faC92881556A90FdB19eAe9F23640B95B4bcBd`

Keeper Contract: `0x796f1793599d7b6aca6a87516546ddf8e5f3aa9d`

## Decoding the Exploit

The KiloEx exploit stemmed from a critical flaw in its meta-transaction handling, specifically within the `TrustedForwarder` contract. This contract inherited OpenZeppelin’s `MinimalForwarderUpgradeable`, which includes a default `execute()` function used to relay signed transactions. KiloEx failed to override or restrict this function, leaving it publicly accessible.

<figure><img src="/files/AB1VTDL9WSOli1El9vqs" alt=""><figcaption><p>The <code>execute()</code> function in the <code>MinimalForwarderUpgradeable</code> contract, which contained the critical vulnerability exploited in the attack.</p></figcaption></figure>

Using this path, the exploiter triggered a chain of calls, eventually manipulating the prices:

**TrustedForwarder → PositionKeeper → Keeper → KiloPriceFeed**

The system was designed to allow only the authorized `Keeper` contract to interact with sensitive functions such as `delegateExecutePositions()`. However, the `PositionKeeper` contract only checked whether `msg.sender == TrustedForwarder`, not the identity of the original signer. This allowed the exploiter to pass a crafted signature and malicious calldata directly to the `execute()` function.


By exploiting this flaw, the attacker was able to call `setPrices()` in the `KiloPriceFeed` contract, first lowering the oracle price to open a long position, then raising it to close the position profitably—all within a single transaction.

<figure><img src="/files/cjzh0dc2kVAqLuOb2enJ" alt=""><figcaption><p>Transaction logs showing the exploiter receiving unlimited spending approval over KiloEx's synthetic USDC balance.</p></figcaption></figure>

This manipulation of internal pricing and trading logic allowed the attacker to extract unearned P&L without any real market movement. The exploit impacted multiple chains and highlighted the risks of insufficient access control in meta-transaction flows. Crucially, the system validated the sender (the forwarder) but never the authority of the signer behind it.
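To make the access-control gap concrete, the following is a constructed Solidity example added to this analysis, not KiloEx's or OpenZeppelin's code; the contract names `PositionKeeper` and `delegateExecutePositions` are borrowed from the page, while `ERC2771Aware`, `PositionsExecuted` and the `keeper` address are assumptions. The vulnerable keeper trusts any call that arrives through the forwarder; the hardened version authorizes the recovered signer instead.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed example, not KiloEx's or OpenZeppelin's code. An EIP-2771
// forwarder such as MinimalForwarder appends the verified signer's address
// to the calldata it relays, so the target can recover it from the last
// 20 bytes. Only the forwarder is trusted to append an honest suffix.
abstract contract ERC2771Aware {
    address public immutable trustedForwarder;
    constructor(address forwarder) { trustedForwarder = forwarder; }

    // Original signer when relayed by the trusted forwarder, else msg.sender.
    function _msgSender() internal view returns (address sender) {
        if (msg.sender == trustedForwarder && msg.data.length >= 20) {
            assembly { sender := shr(96, calldataload(sub(calldatasize(), 20))) }
        } else {
            sender = msg.sender;
        }
    }
}

// Vulnerable pattern: any request relayed by the forwarder is accepted.
// Because the forwarder's execute() is public, anyone who signs a request
// reaches this function, whatever address they signed with.
contract VulnerablePositionKeeper is ERC2771Aware {
    event PositionsExecuted(address signer);
    constructor(address forwarder) ERC2771Aware(forwarder) {}

    function delegateExecutePositions(bytes calldata) external {
        require(msg.sender == trustedForwarder, "not forwarder");
        emit PositionsExecuted(_msgSender()); // signer is never checked
    }
}

// Hardened pattern: authorize the signer, not the relay. The forwarder
// check still runs inside _msgSender(), so a direct caller cannot forge it.
contract HardenedPositionKeeper is ERC2771Aware {
    address public immutable keeper;
    event PositionsExecuted(address signer);
    constructor(address forwarder, address k) ERC2771Aware(forwarder) { keeper = k; }

    function delegateExecutePositions(bytes calldata) external {
        require(_msgSender() == keeper, "caller is not the keeper");
        emit PositionsExecuted(keeper);
    }
}
```

A quick review check for any contract behind a public forwarder: every privileged function reached via the forwarder should gate on `_msgSender()` (the signer) rather than on `msg.sender` alone.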

<figure><img src="/files/SLB5MWkjjxm2UvpQheIS" alt=""><figcaption><p>Transaction Decoder showing the interaction between all the contracts involved in the exploit on Base. Tx. hash: <code>0x6b378c84aa57097fb5845f285476e33d6832b8090d36d02fe0e1aed909228edd</code></p></figcaption></figure>

## On-Chain Activity

The exploit was initiated on Ethereum, where the Main Exploiter `0x00faC92881556A90FdB19eAe9F23640B95B4bcBd` received initial funding from the Tornado Cash 1 ETH pool. Funds were then dispersed across Base, opBNB, Manta, Taiko and other chains, using DeFi protocols to cover the gas fees needed to carry out the exploit.

<figure><img src="/files/rS9uVs0C0cKrGF7eLhRX" alt=""><figcaption><p>Tracer 1: Visualization of the KiloEx Main Exploiter distributing funds through cross-chain protocols to fund addresses across multiple networks.</p></figcaption></figure>

The attacker then deployed a dedicated Exploiter contract `0xd649a0876453fc7626569b28e364262192874e18` on Base, conducting three malicious transactions and profiting over 3.32M USDC.

<figure><img src="/files/fUaSLBc9ch1QziIbF9n3" alt=""><figcaption><p>Tracer 2: Visualization of synthetic asset (VUSD) transfers to the Keeper contract, subsequent burning of VUSD, and the Exploiter receiving equivalent USDC as profit and rewards, alongside interactions with Uniswap V3 for flash loans.</p></figcaption></figure>

Subsequently, exploited funds were bridged back to Ethereum via DLNBridge, and various DeFi platforms were used to swap some of the USDC.

<figure><img src="/files/cyVDxYXe2IGjXeXjUm7o" alt=""><figcaption><p>Tracer 3: Cross-chain movement of exploited funds from Base to Ethereum via bridging protocols.</p></figcaption></figure>

## **Timeline and Breakdown**

The attack was executed in a coordinated, phased manner, following a multi-chain approach across preparation, funding, deployment, and execution stages. For clarity, we will present a detailed breakdown of the activity on the Base network.

### April 13, 2025 at 23:31 UTC

The attack originated on Ethereum, where the main exploiter `0x00fac92881556a90fdb19eae9f23640b95b4bcbd` received 0.9941 ETH from the Tornado Cash 1 ETH pool. This initial funding marked the beginning of the incident, with the exploiter subsequently bridging funds to opBNB, Base, BSC, Taiko, B2, and Manta to cover gas fees and initiate the exploit. (Visualized in Tracer 1.)

Tx. hash: `0xa0fa4ab8ded0c07085d244e1981919b440f78b609e1cf8d7f8ee32d358dfdf46`

<figure><img src="/files/PKad4PTm1ZCFnDo33zfN" alt=""><figcaption><p>Token transfers feature shows exploiter receiving initial funding from Tornado Cash: 1 ETH Pool.</p></figcaption></figure>

### April 14, 2025 at 12:04 UTC

The exploiter address on Base `0x00fac92881556a90fdb19eae9f23640b95b4bcbd` was funded with 0.199 ETH via the Relay Link Bridge to cover gas fees and initiate the main exploit operations.

Tx. hash: `0x14919f8f2211d0007e24fce9d77c5512f011df61d9655b6e16984be00667e66d`

<figure><img src="/files/4cF6Mr90hZDiT6QGWXyR" alt=""><figcaption><p>Transaction Decoder showing the initial funding of the KiloEx Base Exploiter via the Relay Link Bridge.</p></figcaption></figure>

### April 14, 2025 at 18:27 UTC

The Base exploiter `0x00fac92881556a90fdb19eae9f23640b95b4bcbd` created and deployed a malicious contract `0xd649a0876453fc7626569b28e364262192874e18` to carry out the exploit.

Tx. hash: `0x6f33006628760c91faede0fef756036ed0a72b826388ee4f573c33c81d048f4b`

<figure><img src="/files/Nr9QSiCgCHhMSMSwahCB" alt=""><figcaption><p>Flowchart showing the creation of the malicious contract by the Base exploiter.</p></figcaption></figure>

### April 14, 2025 at 18:53 UTC

The exploit commenced with the malicious contract being funded by the Base exploiter with ETH to cover operational gas fees. The exploiter then initiated flash loans from the Uniswap V3 pool, starting with 10,000 USDC.

<figure><img src="/files/NXTsifgE1XqnesrhLYoJ" alt=""><figcaption><p>Transaction Logs: Showing the transfer of 10,000 USDC to the Exploiter Contract via a flash loan from the Uniswap V3 pool.</p></figcaption></figure>

Once the funds were secured, the exploiter initiated the attack by having the signature verified, invoking the `execute()` function on the `MinimalForwarder` contract, and sequentially interacting with the `PositionKeeper` and `Keeper` contracts.

<figure><img src="/files/1s3RLsWebZchY1RDKWs1" alt=""><figcaption><p>Transaction Flowchart: Illustration of the exploit sequence, highlighting the price manipulation executed by the exploiter.</p></figcaption></figure>

Ultimately, the price manipulation enabled the exploiter to generate illegitimate gains in the form of synthetic assets (VUSD).


The exploiter then repaid the flash loan and secured the profits in USDC. This method was repeated three times on the Base network alone, resulting in the extraction of approximately 3.3 million USDC.

Tx. hashes:

1. `0x6b378c84aa57097fb5845f285476e33d6832b8090d36d02fe0e1aed909228edd` (*3.13M USDC*)
2. `0xde7f5e78ea63cbdcd199f4b109db2a551b4462dec79e4dba37711f6c814b26e6` (*186.60K USDC*)
3. `0xf0fcce0807a82041d050a60461e187f0e81a6f7fbda69bb600c04049d924e138` (*11.08K USDC*)

<figure><img src="/files/1VSLUeE5SbQ3C6kFRw5j" alt=""><figcaption><p>Execution of three transactions on KiloEx, resulting in the drainage of approximately 3.3 million USDC.</p></figcaption></figure>

The attack was not limited to Base; it also impacted **opBNB, BSC, Taiko, B2, and Manta**, ultimately resulting in **total losses of approximately $8.445 million**.

<figure><img src="/files/eaFFVXNy8lftflA5eGEe" alt=""><figcaption><p>BSC Exploiter <code>0x00fac92881556a90fdb19eae9f23640b95b4bcbd</code> drained 892K BSC-USD in a single transaction. Tx. hash: <code>0x1aaf5d1dc3cd07feb5530fbd6aa09d48b02cbd232f78a40c6ce8e12c55927d03</code></p></figcaption></figure>

## **Post-Exploit Response and Recovery**

With the support of SlowMist, [KiloEx initiated negotiations with the exploiter](https://x.com/KiloEx_perp/status/1913168299292328115), offering a 10% bounty in exchange for the return of 90% of the stolen funds. Blockscope’s Tracer confirmed the return of assets to KiloEx’s Safe wallets across multiple chains on April 18, nearly 3.5 days post-exploit.

The images below highlight the recovered assets: on Ethereum, returns were made in wBTC and DAI; on Base, returns were made in ETH and USDC to the designated recovery wallet `0xd38a22f5330f45162f13086d6ccbde0335c1ae9e`.

<figure><img src="/files/9fb6FSCuqc2dDMkGDkvx" alt=""><figcaption><p>Ethereum recovery</p></figcaption></figure>

<figure><img src="/files/iWYKTFoIllISvHN91rPM" alt=""><figcaption><p>Base recovery</p></figcaption></figure>

Additionally, using Blockscope’s Transaction Decoder, we were able to analyze and decode on-chain communications between KiloEx and the exploiter during the negotiation process.

<figure><img src="/files/xIizTGwRigVSHzIBf5i1" alt=""><figcaption><p>On-chain communication between Exploiter and KiloEx</p></figcaption></figure>

## **Conclusion & Security Reflection**

Although funds recovery mitigated potential damage, this incident highlights ongoing security challenges in DeFi. Despite [undergoing five audits since 2023](https://docs.kiloex.io/kiloex/about-kiloex/audit), one of them recently in March 2025, KiloEx overlooked critical inherited contract permissions—a relatively simple yet costly oversight. This emphasizes that security cannot solely rely on periodic audits; continuous monitoring, dynamic threat modeling, and proactive security practices are essential.

[Post-exploit audit by SlowMist](https://github.com/slowmist/Knowledge-Base/blob/master/open-report-V2/smart-contract/KiloEx%20Phase1%20-%20SlowMist%20Audit%20Report.pdf) and resumed operations reflect immediate response measures; however, achieving complete security is unrealistic without an ongoing commitment to proactive vigilance. To maintain transparency and accountability, [KiloEx also published a detailed post-incident report](https://medium.com/@KiloEx/kiloex-security-incident-root-cause-analysis-post-mortem-3d899caac08c) addressing users' concerns.


***Security is not a checkbox—it’s a continuous process.*** At [**Blockscope**](https://www.blockscope.co/), we advocate for real-time monitoring, dynamic threat modeling, and actionable intelligence as integral to every Web3 protocol’s lifecycle.

**Investigation by**: [Tushar Tiwari](https://in.linkedin.com/in/tushar-tiwari-1380271b7), Blockchain Forensics Analyst @ [Blockscope](https://www.blockscope.co/)

For more information, please reach out to us at **<hello@blockscope.tech>**


Disclaimer: Best Effort Investigation

This investigation and its findings represent our best effort based on the information available at the time. However, please be aware of the following limitations:

* The data used in this investigation may contain inaccuracies, omissions, or errors.
* Information sources may be incomplete or subject to change.
* New evidence may emerge that could alter the conclusions.
* Analysis and interpretations are based on current understanding and may evolve.

We have made every reasonable attempt to ensure accuracy, but we cannot guarantee that all information is entirely correct or complete. This report should be considered a snapshot of our current knowledge and understanding, subject to revision as new information becomes available.
