KiloEX, a Decentralized Exchange (DEX) built on the BNB chain, has suffered a $7.5 million crypto theft and has subsequently suspended operations.
Security analysts have described the hack as a ‘price oracle exploit.’ Binance Labs funded the DEX as part of its program to support Binance Coin (BNB) projects.
The hack has affected a multi-chain platform with support for BNB Smart Chain, Taiko, and Base. The attacker used an address with funds previously deposited into Tornado Cash. Some reports claim that North Korean hackers may be behind the attack due to their known use of mixers and prior attacks on crypto protocols. Afterwards, the attacker used MetaMask to transfer the funds.
However, the hacker did not target ETH but instead focused on withdrawing stablecoins. The stolen funds were then put into separate wallets without any further indication that Tornado Cash was being used to try and hide the tokens.
Chaofan Shou, co-founder of Fuzzland, said the attack was most likely the result of a price oracle issue because anyone can change the price oracle of KiloEX. There is a trusted forwarder process, but there is no verification after the forward is completed, according to Shou.
“The exploit is a very simple process and could have been prevented,” Shou added.
KiloEX quickly isolated the attack and suspended its platform. It also reached out to other security firms to help track the funds.
In a novel approach to dealing with the breach, KiloEX is crediting anyone who helps them recover the stolen tokens. To prevent this type of attack, KiloEX aims to create a final report outlining what went wrong.
KiloEX users predominantly stored their tokens in the KiloEX vault, which just happened to be the main target of the intruders, causing maximum losses for users.
After the hack, KiloEX shared the attacker’s address so that other platforms could prevent the hackers from withdrawing the stolen funds. Blacklisting addresses has become the latest strategy for platforms to prevent stolen money from entering the wider economy.
KiloEX has been around since 2023 and has recently started expanding its operations. The DEX introduced more BNB-based meme tokens for users to exchange. Despite the recent attack, the DEX still has around $47.2 million in total value. In the past 24 hours, KiloEX had $31.8 million in trading volume, with $22 million invested in BTC-USDT trading.
Price Oracles serve as a gateway between the DEX and the external world. In the case of KiloEX, they grab the price of tokens like Bitcoin or Ethereum and use the data to decide how much money a trader made.
The Price Oracles, therefore, can be targeted by hackers because the price could theoretically be changed to benefit the attacker. This is how the KiloEX attack happened, with the attacker manipulating the Price Oracle so that the exchange disproportionately paid out a reward.
According to the transaction history, the attacker most likely set the Ethereum price to $100 and then changed the price to $10,000, making a large profit and withdrawing all the extra money. The KiloEX users, meanwhile, lost all of their hard-earned tokens within a matter of minutes.
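The missing check Shou describes and the $100 to $10,000 sequence above, as an added toy model in Python (not KiloEX's contract code): a forwarder relays the original sender, and the oracle either ignores it or verifies it against a keeper allowlist and a per-update deviation bound. The addresses, the 5% bound and the 1600 starting price are constructed assumptions.

```python
# Toy model, constructed for illustration; not KiloEX contract code.
from dataclasses import dataclass

KEEPER = "0xKEEPER"      # hypothetical authorised price updater
OUTSIDER = "0xOUTSIDER"  # hypothetical unauthorised account
MAX_MOVE = 0.05          # assumed per-update deviation bound (5%)


class Rejected(Exception):
    """Raised when the oracle refuses a price update."""


@dataclass
class Oracle:
    price: float
    verify: bool = True                       # False models the missing check
    keepers: frozenset = frozenset({KEEPER})

    def set_price(self, original_sender: str, new_price: float) -> None:
        # The forwarder hands over the original sender; verifying it is
        # the oracle's job, not the forwarder's.
        if self.verify:
            if original_sender not in self.keepers:
                raise Rejected("sender is not an authorised keeper")
            if abs(new_price - self.price) / self.price > MAX_MOVE:
                raise Rejected("price move exceeds deviation bound")
        self.price = new_price


def forward(oracle: Oracle, original_sender: str, new_price: float) -> None:
    """Trusted forwarder: relays the call together with the original sender."""
    oracle.set_price(original_sender, new_price)


def long_pnl(size_eth: float, entry: float, exit_: float) -> float:
    """Payout of a long position opened at `entry` and closed at `exit_`."""
    return size_eth * (exit_ - entry)


def run_sequence(oracle: Oracle, sender: str, prices, size_eth: float = 1.0):
    """Push each price through the forwarder; return (accepted, payout)."""
    accepted = []
    for p in prices:
        try:
            forward(oracle, sender, p)
            accepted.append(p)
        except Rejected:
            pass  # update refused, oracle price unchanged
    payout = long_pnl(size_eth, accepted[0], accepted[-1]) if accepted else 0.0
    return accepted, payout
```

With `verify=False` both updates land and a 1 ETH long pays out 9,900; with verification on, the outsider's updates are refused and the price stays where the keeper left it.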
KiloEX started its operations as perpetual DEXs became popular, with the potential of self-custody and more control over your funds. KiloEX settles all trades on-chain, meaning you have your funds immediately. However, in the attacker’s case, the same on-chain settlement meant the transfers of stolen funds were validated on-chain as well, where they are immutable and cannot be reversed.
Being a DEX, KiloEX did not offer any KYC services, allowing for anonymous transactions.