Kiloex是由Yzi Labs（以前為Binance Labs）支持的永久交易平台，已被利用700萬美元

Cyvers分析師報告說，攻擊者使用龍捲風現金資助的地址執行一系列協調的交易。

KiloEx, a startup perpetual trading platform backed by YZi Labs (formerly known as Binance Labs), has suffered a cross-chain exploit, resulting in the theft of approximately $7 million.

Kiloex是由Yzi Labs（以前稱為Binance Labs）支持的永久性交易平台，已遭受跨鏈利用，導致盜竊約700萬美元。

The incident began on April 14 with hackers exploiting potential flaws in KiloEx’s price oracle system, granting them opportunistic access to manipulate critical data feeds.

該事件始於4月14日，黑客在Kiloex的價格甲骨文系統中利用潛在缺陷，使他們有機會地操縱關鍵數據源。

This exploit was used to siphon funds from KiloEx’s mainnet v2 deployment across BNB Smart Chain, Base, and Taiko networks.

該漏洞用於從BNB智能鏈，基地和Taiko Networks的Mainnet V2部署中汲取資金。

Hackers Used Tornado Cash-Funded Address

黑客使用了龍捲風現金資助的地址

Cyvers' analysts noted that the attacker used an address funded by Tornado Cash to carry out a series of coordinated transactions.

Cyvers的分析師指出，攻擊者使用了由Tornado Cash資助的地址進行一系列協調的交易。

On-chain evidence reveals rapid fund movements across multiple chains, highlighting the interconnected nature of DeFi and the ease with which vulnerabilities in one protocol can be used to cascade attacks across different ecosystems.

鏈上的證據揭示了跨多個鏈條的快速基金運動，突出了Defi的相互聯繫性質以及一種方案中脆弱性可用於跨不同生態系統的攻擊。

The project, which launched its Token Generation Event (TGE) on March 27 in partnership with Binance Wallet and PancakeSwap, is currently listed on Binance Alpha.

該項目於3月27日與Binance Wallet和Pancakeswap合作啟動了代幣生成活動（TGE），目前已在Binance Alpha上列出。

“Root cause was a potential price oracle access control vulnerability. The attacker is still actively exploiting the system, and USDC may be subject to blacklisting,” wrote Cyvers.

Cyvers寫道：“根本原因是潛在的價格Oracle訪問控制漏洞。攻擊者仍在積極利用該系統，USDC可能會被黑名單。”

The project was incubated by YZi Labs, an investment and innovation division focused on blockchain startups. Previously branded as Binance Labs, YZi Labs has a portfolio of over 100 projects across various blockchain ecosystems.

該項目是由Yzi Labs孵化的，Yzi Labs是一個專注於區塊鏈初創公司的投資和創新部門。 Yzi Labs以前被稱為Binance Labs，在各種區塊鏈生態系統中擁有100多個項目的投資組合。

The launch of KiloEx drew significant attention due to its backing and integration with BNB Smart Chain, a leading blockchain ecosystem known for its high throughput and low transaction fees.

Kiloex的推出引起了人們的重大關注，因為它與BNB Smart Chain的支持和集成，BNB Smart Chain是一個領先的區塊鏈生態系統，以其高吞吐量和低交易費用而聞名。

In response to the incident, KiloEx has suspended its platform and is collaborating closely with renowned security partners—including Seal-911, SlowMist, and Sherlock—to conduct a comprehensive investigation and identify the perpetrators.

為了應對這一事件，Kiloex暫停了其平台，並與著名的安全合作夥伴（包括Seal-911，Slowmist和Sherlock）緊密合作，以進行全面的調查並確定肇事者。

The team is also working tirelessly with relevant exchanges and protocols to track the stolen assets and facilitate their recovery. Furthermore, KiloEx plans to launch a bounty program to encourage white hat hackers to assist in securing the platform and recovering user assets.

該團隊還孜孜不倦地進行相關的交流和協議，以跟踪被盜資產並促進他們的康復。此外，Kiloex計劃啟動一項賞金計劃，以鼓勵白帽子黑客幫助確保平台並恢復用戶資產。

“We are actively collaborating with BNB Chain, Manta Network, and leading blockchain security partners—including Seal-911, SlowMist, and Sherlock—to investigate the recent KiloEx Vault exploit and trace the stolen assets,” the statement reads.

聲明寫道：“我們正在與BNB連鎖店，Manta Network和領先的區塊鏈安全合作夥伴（包括Seal-911，Slowmist和Sherlock）進行研究，以調查最近的Kiloex Vault漏洞利用和追踪被盜資產。”

Our joint efforts are focused on mitigating the impact of the exploit, identifying the root cause of the vulnerability, and bringing those responsible to justice.

我們的共同努力集中在減輕利用的影響，確定脆弱性的根本原因，並將責任的人繩之以法。

We are committed to providing regular updates to the community throughout this process.

在整個過程中，我們致力於為社區提供定期更新。

In the meantime, we urge everyone to remain vigilant and prioritize online safety practices. Together, we can create a safer and more secure blockchain ecosystem for all.

同時，我們敦促所有人保持警惕並確定在線安全慣例。一起，我們可以為所有人創建一個更安全，更安全的區塊鏈生態系統。

The incident has sparked sharp reactions in the market, with KILO token plummeting by 30%. Its market capitalization dropped from $11 million to $7.5 million within hours of the attack.

該事件在市場上引起了急劇的反應，基洛令牌下降了30％。其市值在襲擊發生幾小時內從1100萬美元下降到750萬美元。

As the dust settles, security teams are closely monitoring the attacker’s wallet addresses:

隨著塵埃落定，安全團隊正在密切監視攻擊者的錢包地址：

* ATOM:8888888888888888888888888888888888888888888888888A8A7696

*原子：888888888888888888888888888888888888888888888888888888888A7696

* ATOM:8888888888888888888888888888888888888888888888888A8A7687

*原子：888888888888888888888888888888888888888888888888888888888A7687

* BASE:0x90C94060eA68A36A9902220A6A2686A3A98e6496

*基礎：0x90C94060A68A36A36A90222220A6A268A398E6496

The situation remains fluid as remediation efforts continue and the vulnerability is further assessed.

隨著補救工作的繼續，這種情況仍然是流動的，並進一步評估了脆弱性。