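The exploit unfolded across multiple blockchain networks and appears to stem from a vulnerability in the platform's price oracle system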
Decentralized exchange (DEX) KiloEx, used for trading perpetual futures, was hit by a sophisticated attack on Tuesday that left users reeling from around $7 million in losses.
The exploit unfolded across multiple blockchain networks and appeared to stem from a vulnerability in the platform’s price oracle system, according to blockchain analysis firm Cyvers.
An attacker, whose wallet was funded via Tornado Cash — a tool that obfuscates transaction trails — executed a series of transactions on the Base, BNB Chain, and Taiko networks to take advantage of a flaw in the platform’s price oracle system, which allowed the attacker to manipulate asset prices.
KiloEx has since confirmed the breach, suspended platform operations, and is now working with partners to trace the stolen funds and blacklist the attacker’s wallet.
Oracles are blockchain-based tools that relay any type of outside data to a blockchain, where smart contracts use that data to make decisions for a financial application. That is, the oracle tells the platform whether ether (ETH) is worth $2,000 or $3,000, ensuring trades happen at fair market prices.
But oracles can be a weak link. In KiloEx’s case, the attacker exploited a price oracle access control vulnerability — essentially, a flaw that let them tamper with data by using flash loans (or temporary liquidity) that tricked the system into believing false prices.
The attacker manipulated the oracle to report an absurdly low price for ETH (say, $100) when opening a leveraged trading position. Leverage allows traders to borrow funds to amplify their bets, so a fake price can create massive distortions.
This made it look like they’d made a huge profit, which they then withdrew from KiloEx’s vault. The attacker repeated this across Base, BNB Chain, and Taiko, exploiting KiloEx’s cross-chain setup to maximize gains before the platform could react.
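The following Python model is an added example, not KiloEx's contract code or anything from the article's sources: it shows how a distorted entry price inflates the paper profit of a leveraged long, and how an oracle that enforces caller authorization and a per-update deviation bound rejects such a price. The names `GuardedOracle`, `long_pnl`, `try_update`, the keeper name and the 5% bound are assumptions; the $100 and $2,000 prices are the article's illustrative figures.

```python
# Added illustration: all names, callers and thresholds are assumptions.
class OracleError(Exception):
    pass


class GuardedOracle:
    """Price feed with caller authorization and a per-update deviation bound."""

    def __init__(self, initial_price, authorized, max_deviation=0.05):
        self.price = initial_price
        self.authorized = set(authorized)
        self.max_deviation = max_deviation

    def set_price(self, caller, new_price):
        # Access control: only allow-listed keepers may write prices.
        if caller not in self.authorized:
            raise OracleError(f"caller {caller!r} is not an authorized price updater")
        # Sanity bound: reject jumps beyond max_deviation from the last accepted price.
        change = abs(new_price - self.price) / self.price
        if change > self.max_deviation:
            raise OracleError(f"price moved {change:.0%}, limit is {self.max_deviation:.0%}")
        self.price = new_price


def long_pnl(collateral, leverage, entry_price, exit_price):
    """Profit of a leveraged long: notional size times the relative price change."""
    size = collateral * leverage
    return size * (exit_price - entry_price) / entry_price


def try_update(oracle, caller, price):
    """Return (accepted, reason) instead of raising, so rejections can be logged."""
    try:
        oracle.set_price(caller, price)
        return True, "ok"
    except OracleError as exc:
        return False, str(exc)


if __name__ == "__main__":
    # Constructed scenario: $1,000 collateral at 10x leverage.
    print(long_pnl(1_000, 10, 100, 2_000))    # entry at the distorted $100 price
    print(long_pnl(1_000, 10, 2_000, 2_000))  # entry at the real $2,000 price
    oracle = GuardedOracle(2_000, authorized={"keeper-1"})
    print(try_update(oracle, "unknown-caller", 100))  # fails the access check
    print(try_update(oracle, "keeper-1", 100))        # fails the deviation bound
    print(try_update(oracle, "keeper-1", 2_050))      # normal 2.5% move is accepted
```

The two checks are independent: the deviation bound still limits damage if a keeper key is compromised, and the access check stops unauthenticated writes even when the submitted price looks plausible.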
In one reported transaction, the attacker netted $3.12 million in a single move.
This isn’t the first time a DeFi platform has been hit by oracle manipulation. Similar attacks have targeted platforms like Mango Markets in 2022, where $100 million was stolen, and Cream Finance in 2021, with losses of $130 million.