KiloEx Exploit Analysis: From Breach to Recovery

Summary
On April 15, 2025, KiloEx—a decentralized perpetual trading platform operating on BSC, opBNB, Base, and Manta Pacific—was exploited due to a critical smart contract vulnerability, resulting in a loss of approximately $8.4 million. Security firms, including SlowMist, swiftly responded to assist the KiloEx team in investigating the incident and initiating contact with the attacker.
What is KiloEx?
KiloEx is a decentralized exchange designed for perpetual contract trading, optimized for high-speed and low-fee environments on L2 networks. Integrated with chains like opBNB and Base, it offers gas-efficient leverage trading for retail and institutional users alike.
KiloEx, with the help of SlowMist, initiated negotiations with the exploiter. On April 18, following a collaborative effort with security partners, the protocol successfully recovered 90% of the stolen funds by offering a white hat bounty to the exploiter, bringing partial resolution to a multi-chain exploit that could have had far worse consequences.
Relevant addresses:
Main Exploiter : 0x00faC92881556A90FdB19eAe9F23640B95B4bcBd
Keeper Contract: 0x796f1793599d7b6aca6a87516546ddf8e5f3aa9d
Decoding the Exploit
The KiloEx exploit stemmed from a critical flaw in its meta-transaction handling, specifically within the TrustedForwarder contract. This contract inherited OpenZeppelin's MinimalForwarderUpgradeable, which includes a default execute() function used to relay signed transactions. KiloEx failed to override or restrict this function, leaving it publicly accessible.

Figure: the execute() function in the MinimalForwarderUpgradeable contract, which contained the critical vulnerability exploited in the attack.

Using this path, the exploiter triggered a chain of calls, eventually manipulating the prices:
TrustedForwarder → PositionKeeper → Keeper → KiloPriceFeed.
The system was designed to allow only the authorized Keeper contract to interact with sensitive functions like delegateExecutePositions(). However, the PositionKeeper contract only checked whether msg.sender == TrustedForwarder, not the identity of the original signer. This allowed the exploiter to pass a crafted signature and malicious calldata directly to the execute() function, which relayed them to PositionKeeper as the trusted forwarder.

By exploiting this flaw, the attacker was able to call setPrices() in the KiloPriceFeed contract, first lowering the oracle price to open a long position, then raising it to close the position profitably, all within a single transaction.

This manipulation of internal pricing and trading logic allowed the attacker to extract unearned P&L without any real market movement. The exploit impacted multiple chains and highlights the risk of insufficient access control in meta-transaction flows: the system validated the immediate sender (the forwarder) but never the authority of the signer behind it.

Exploit transaction on Base: 0x6b378c84aa57097fb5845f285476e33d6832b8090d36d02fe0e1aed909228edd
On-Chain Activity
The exploit initiated on Ethereum, where the Main Exploiter 0x00faC92881556A90FdB19eAe9F23640B95B4bcBd received initial funding from the Tornado Cash 1 ETH pool. Funds were then bridged to Base, opBNB, Manta, Taiko, and other chains to cover the gas fees needed to initiate the exploit.

The attacker then deployed a dedicated Exploiter contract 0xd649a0876453fc7626569b28e364262192874e18 on Base, conducting three malicious transactions and profiting over 3.32M USDC.

Subsequently, exploited funds were bridged back to Ethereum via DLNBridge, and various DeFi platforms were used to swap some of the USDC.

Timeline and Breakdown
The attack was executed in a coordinated, phased manner, following a multi-chain approach across preparation, funding, deployment, and execution stages. For clarity, we will present a detailed breakdown of the activity on the Base network.
April 13, 2025 at 23:31 UTC
The attack originated on Ethereum, where the main exploiter 0x00fac92881556a90fdb19eae9f23640b95b4bcbd received 0.9941 ETH from the Tornado Cash 1 ETH pool. This initial funding marked the beginning of the incident; the exploiter subsequently bridged funds to opBNB, Base, BSC, Taiko, B2, and Manta to cover gas fees and initiate the exploit. (Visualized in Tracer Image 1.)
Tx. hash: 0xa0fa4ab8ded0c07085d244e1981919b440f78b609e1cf8d7f8ee32d358dfdf46

April 14, 2025 at 12:04 UTC
The exploiter address on Base 0x00fac92881556a90fdb19eae9f23640b95b4bcbd was funded with 0.199 ETH via the Relay Link Bridge to cover gas fees and initiate the main exploit operations.
Tx. hash: 0x14919f8f2211d0007e24fce9d77c5512f011df61d9655b6e16984be00667e66d

April 14, 2025 at 18:27 UTC
The Base exploiter 0x00fac92881556a90fdb19eae9f23640b95b4bcbd created and deployed a malicious contract 0xd649a0876453fc7626569b28e364262192874e18 to carry out the exploit.
Tx. hash: 0x6f33006628760c91faede0fef756036ed0a72b826388ee4f573c33c81d048f4b

April 14, 2025 at 18:53 UTC
The exploit commenced with the Base exploiter funding the malicious contract with ETH to cover operational gas fees. The contract then took flash loans from a Uniswap V3 pool, starting with 10,000 USDC.

Once the funds were secured, the exploiter initiated the attack by submitting a request carrying a valid signature to the execute() function on the MinimalForwarder contract, which then called sequentially into the PositionKeeper and Keeper contracts.

Ultimately, the price manipulation enabled the exploiter to generate illegitimate gains in the form of synthetic assets (VUSD).

The exploiter then repaid the flash loan and secured the profits in USDC. This method was repeated three times on the Base network alone, resulting in the extraction of approximately 3.3 million USDC.
Tx. hashes:
0x6b378c84aa57097fb5845f285476e33d6832b8090d36d02fe0e1aed909228edd (3.13M USDC)
0xde7f5e78ea63cbdcd199f4b109db2a551b4462dec79e4dba37711f6c814b26e6 (186.60K USDC)
0xf0fcce0807a82041d050a60461e187f0e81a6f7fbda69bb600c04049d924e138 (11.08K USDC)

The attack was not limited to Base; it also impacted opBNB, BSC, Taiko, B2, and Manta, ultimately resulting in total losses of approximately $8.445 million.

In one of these, 0x00fac92881556a90fdb19eae9f23640b95b4bcbd drained 892K BSC-USD in a single transaction.
Tx. hash: 0x1aaf5d1dc3cd07feb5530fbd6aa09d48b02cbd232f78a40c6ce8e12c55927d03
Post-Exploit Response and Recovery
With the support of SlowMist, KiloEx initiated negotiations with the exploiter, offering a 10% bounty in exchange for the return of 90% of the stolen funds. Blockscope’s Tracer confirmed the return of assets to KiloEx’s Safe wallets across multiple chains on April 18, nearly 3.5 days post-exploit.
Tracer shows the recovered assets: on Ethereum, returns were made in wBTC and DAI; on Base, returns were made in ETH and USDC to the designated recovery wallet 0xd38a22f5330f45162f13086d6ccbde0335c1ae9e.


Additionally, using Blockscope’s Transaction Decoder, we were able to analyze and decode on-chain communications between KiloEx and the exploiter during the negotiation process.

Conclusion & Security Reflection
Although the recovery of funds mitigated the damage, this incident highlights ongoing security challenges in DeFi. Despite undergoing five audits since 2023, the most recent in March 2025, KiloEx overlooked critical inherited contract permissions, a relatively simple yet costly oversight. This emphasizes that security cannot rely solely on periodic audits; continuous monitoring, dynamic threat modeling, and proactive security practices are essential.
Post-exploit audit by SlowMist and resumed operations reflect immediate response measures; however, achieving complete security is unrealistic without an ongoing commitment to proactive vigilance. To maintain transparency and accountability, KiloEx also published a detailed post-incident report addressing users' concerns.

Security is not a checkbox—it’s a continuous process. At Blockscope, we advocate for real-time monitoring, dynamic threat modeling, and actionable intelligence as integral to every Web3 protocol’s lifecycle.
Investigation by: Tushar Tiwari, Blockchain Forensics Analyst @ Blockscope
For more information, please reach out to us at [email protected]

Disclaimer: Best Effort Investigation
This investigation and its findings represent our best effort based on the information available at the time. However, please be aware of the following limitations:
The data used in this investigation may contain inaccuracies, omissions, or errors.
Information sources may be incomplete or subject to change.
New evidence may emerge that could alter the conclusions.
Analysis and interpretations are based on current understanding and may evolve.
We have made every reasonable attempt to ensure accuracy, but we cannot guarantee that all information is entirely correct or complete. This report should be considered a snapshot of our current knowledge and understanding, subject to revision as new information becomes available.