基洛克斯（Kiloex）是在BNB連鎖店建造的分散交易所（DEX），遭受了750萬美元的襲擊，並暫停了行動。

基洛克斯（Kiloex）是在BNB連鎖店建造的分散交易所（DEX），遭受了750萬美元的襲擊，並暫停了行動。安全分析師將黑客描述為“價格甲骨文的利用”。

KiloEX, a Decentralized Exchange (DEX) built on the BNB chain, has suffered a $7.5 million crypto theft and has subsequently suspended operations.

基洛克斯（Kiloex）是建立在BNB連鎖店的分散交易所（DEX），遭受了750萬美元的加密盜竊，隨後暫停了行動。

Security analysts have described the hack as a ‘price oracle exploit.’ Binance Labs funded the DEX as part of its program to support Binance Coin (BNB) projects.

安全分析師將黑客描述為“價格甲骨文的利用”。 Binance Labs資助了DEX，作為支持Binance Coin（BNB）項目的計劃的一部分。

The hack has affected a multi-chain platform with support for BNB Smart Chain, Taiko, and Base. The attacker used an address with funds previously deposited into Tornado Cash. Some reports claim that North Korean hackers may be behind the attack due to their known use of mixers and prior attacks on crypto protocols. Afterwards, the attacker used MetaMask to transfer the funds.

該黑客影響了一個多鏈平台，並支持BNB智能鏈，Taiko和Base。攻擊者使用了一個地址，該地址先前存入龍捲風現金。一些報導聲稱，由於已知使用混合器以及對加密協議的先前攻擊，朝鮮黑客可能是襲擊的幕後黑客。之後，攻擊者使用metamask轉移資金。

However, the hacker did not target ETH but instead focused on withdrawing stablecoins. The stolen funds were then put into separate wallets without any further indication that Tornado Cash was being used to try and hide the tokens.

但是，黑客不是針對ETH的，而是專注於撤回穩定的穩定。然後將被盜的資金放入單獨的錢包中，而沒有任何進一步的跡象表明龍捲風現金被用於試圖隱藏令牌。

Chaofan Shou, co-founder of Fuzzland, said the attack was most likely the result of a price oracle issue because anyone can change the price oracle of KiloEX. There is a trusted forwarder process, but there is no verification after the forward is completed, according to Shou.

Fuzzland的聯合創始人Chaofan Shou表示，這次襲擊很可能是Price Oracle問題的結果，因為任何人都可以更改Kiloex的價格。舒說，有一個值得信賴的轉發器過程，但是遠期完成後沒有驗證。

“The exploit is a very simple process and could have been prevented,” Shou added.

“漏洞是一個非常簡單的過程，可以避免，” Shou補充說。

KiloEX quickly isolated the attack and suspended its platform. It also reached out to other security firms to help track the funds.

Kiloex迅速隔離了攻擊並暫停了其平台。它還與其他安全公司接觸以幫助跟踪資金。

In a novel approach to dealing with the breach, KiloEX is crediting anyone who helps them recover the stolen tokens. To prevent this type of attack, KiloEX aims to create a final report outlining what went wrong.

在處理違規的新方法中，Kiloex正在歸功於任何幫助他們恢復被盜令牌的人。為了防止這種攻擊，Kiloex的目標是創建最終報告，概述出了什麼問題。

KiloEX users predominantly stored their tokens in the KiloEX vault, which just happened to be the main target of the intruders, causing maximum losses for users.

Kiloex用戶主要將其令牌存儲在Kiloex保管庫中，這恰好是入侵者的主要目標，從而造成了用戶的最大損失。

After the hack, KiloEX shared the attacker’s address so that other platforms could prevent the hackers from withdrawing the stolen funds. Blacklisting addresses has become the latest strategy for platforms to prevent stolen money from entering the wider economy.

黑客攻擊後，Kiloex分享了攻擊者的地址，以便其他平台可以防止黑客撤回被盜資金。黑名單的地址已成為防止被盜資金進入更廣泛經濟的平台的最新策略。

KiloEX has been around since 2023 and has recently started expanding its operations. The DEX introduced more BNB-based meme tokens for users to exchange. Despite the recent attack, the DEX still has around $47.2 million in total value. In the past 24 hours, KiloEX had $31.8 million in trading volume, with $22 million invested in BTC-USDT trading.

Kiloex自2023年以來就已經出現了，最近開始擴大其業務。 DEX引入了更多基於BNB的模因令牌供用戶交換。儘管最近發生了攻擊，但DEX的總價值仍然約為4720萬美元。在過去的24小時內，Kiloex的交易量為3180萬美元，對BTC-USDT交易進行了2200萬美元的投資。

Price Oracles serve as a gateway between the DEX and the external world. In the case of KiloEX, they grab the price of tokens like Bitcoin or Ethereum and use the data to decide how much money a trader made.

價格甲骨文是DEX與外部世界之間的門戶。就Kiloex而言，他們抓住了像比特幣或以太坊這樣的令牌價格，並使用數據來決定交易者賺多少錢。

The Price Oracles, therefore, can be targeted by hackers because the price could theoretically be changed to benefit the attacker. This is how the KiloEX attack happened, with the attacker manipulating the Price Oracle so that the exchange disproportionately paid out a reward.

因此，價格甲殼機可以由黑客作為目標，因為理論上可以更改價格以使攻擊者受益。這就是Kiloex攻擊發生的方式，攻擊者操縱價格甲骨文，以使交易所不成比例地支付了獎勵。

According to the transaction history, the attacker most likely set the Ethereum price to $100 and then changed the price to $10,000, making a large profit and withdrawing all the extra money. The KiloEX users, meanwhile, lost all of their hard-earned tokens within a matter of minutes.

根據交易歷史記錄，攻擊者最有可能將以太坊價格設置為100美元，然後將價格更改為10,000美元，從而獲得大量利潤並撤回了所有額外的錢。同時，Kiloex的使用者在幾分鐘之內失去了所有辛苦的代幣。

KiloEX started its operations as perpetual DEXs became popular, with the potential of self-custody and more control over your funds. KiloEX settles all trades on-chain, meaning you have your funds immediately. However, in the attacker’s case, the ability to lock transactions allowed stolen funds to become locked, immutable, forever stolen and legalised by on-chain activities.

Kiloex開始運營，隨著永久性DEX變得流行，具有自我客戶的潛力和對您的資金的更多控制權。 Kiloex在鏈上解決所有交易，這意味著您立即擁有資金。但是，在攻擊者的情況下，鎖定交易的能力使被盜的資金被鎖定，無變之地，永遠被鏈接被盜和合法化。

Being a DEX, KiloEX did not offer any KYC services, allowing for anonymous transactions.

作為DEX，Kiloex沒有提供任何KYC服務，允許匿名交易。