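The exploit unfolded across multiple blockchain networks and appears to stem from a vulnerability in the platform's price oracle system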
Decentralized exchange (DEX) KiloEx, used for trading perpetual futures, was hit by a sophisticated attack on Tuesday that left users reeling from around $7 million in losses.
The exploit unfolded across multiple blockchain networks and appeared to stem from a vulnerability in the platform’s price oracle system, according to blockchain analysis firm Cyvers.
An attacker, whose wallet was funded via Tornado Cash — a tool that obfuscates transaction trails — executed a series of transactions on the Base, BNB Chain, and Taiko networks to take advantage of a flaw in the platform’s price oracle system, which allowed the attacker to manipulate asset prices.
KiloEx has since confirmed the breach, suspended platform operations, and is now working with partners to trace the stolen funds and blacklist the attacker’s wallet.
Oracles are blockchain-based tools that relay any type of outside data to a blockchain, where smart contracts use that data to make decisions for a financial application. That is, the oracle tells the platform whether ether (ETH) is worth $2,000 or $3,000, ensuring trades happen at fair market prices.
But oracles can be a weak link. In KiloEx’s case, the attacker exploited a price oracle access control vulnerability — essentially, a flaw that let them tamper with data by using flash loans (or temporary liquidity) that tricked the system into believing false prices.
The attacker manipulated the oracle to report an absurdly low price for ETH (say, $100) when opening a leveraged trading position. Leverage allows traders to borrow funds to amplify their bets, so a fake price can create massive distortions.
This made it look like they’d made a huge profit, which they then withdrew from KiloEx’s vault. The attacker repeated this across Base, BNB Chain, and Taiko, exploiting KiloEx’s cross-chain setup to maximize gains before the platform could react.
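As an added illustration (not code from KiloEx or from this article), the Python sketch below models the two points above: why a leveraged long priced against a spoofed $100 entry shows an outsized paper profit, and how an oracle that checks the caller and bounds each update would reject such a report. The updater names, the 5% bound and the sample feed are assumptions constructed for the example.

```python
class OracleError(Exception):
    """Raised when a price update is rejected."""


class GuardedOracle:
    """Price feed enforcing caller authorization and a per-update deviation bound."""

    def __init__(self, initial_price, updaters, max_deviation=0.05):
        self.price = initial_price
        self.updaters = frozenset(updaters)  # allowlisted reporter addresses (assumed)
        self.max_deviation = max_deviation   # largest accepted relative move per update

    def set_price(self, caller, new_price):
        # Access control: only allowlisted reporters may write a price.
        if caller not in self.updaters:
            raise OracleError(f"unauthorized updater: {caller}")
        if new_price <= 0:
            raise OracleError("non-positive price")
        # Sanity bound: reject large jumps from the last accepted price.
        move = abs(new_price - self.price) / self.price
        if move > self.max_deviation:
            raise OracleError(f"deviation {move:.1%} exceeds {self.max_deviation:.0%}")
        self.price = new_price


def long_pnl(margin, leverage, entry_price, exit_price):
    """Profit of a leveraged long: notional size times relative price change."""
    notional = margin * leverage
    return notional * (exit_price - entry_price) / entry_price


def audit_updates(events, updaters, max_deviation=0.05):
    """Replay (caller, price) events; return the ones a guarded oracle rejects."""
    oracle = GuardedOracle(events[0][1], updaters, max_deviation)
    rejected = []
    for caller, price in events[1:]:
        try:
            oracle.set_price(caller, price)
        except OracleError as exc:
            rejected.append((caller, price, str(exc)))
    return rejected


# Constructed sample feed: ETH near $2,000 with one unauthorized $100 report.
SAMPLE_EVENTS = [
    ("0xKeeper", 2000.0),
    ("0xKeeper", 2010.0),
    ("0xUnknown", 100.0),
    ("0xKeeper", 2005.0),
]
```

With a $1,000 margin at 10x, `long_pnl` returns $50 for an honest 2000 to 2010 move but $190,000 when the entry is recorded at $100, which is why the update path needs both checks.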
In one reported transaction, the attacker netted $3.12 million in a single move.
This isn’t the first time a DeFi platform has been hit by oracle manipulation. Similar attacks have targeted platforms like Mango Markets in 2022, where $100 million was stolen, and Cream Finance in 2021, with losses of $130 million.