Kiloex是由Yzi Labs（以前为Binance Labs）支持的永久交易平台，已被利用700万美元

Cyvers分析师报告说，攻击者使用龙卷风现金资助的地址执行一系列协调的交易。

KiloEx, a startup perpetual trading platform backed by YZi Labs (formerly known as Binance Labs), has suffered a cross-chain exploit, resulting in the theft of approximately $7 million.

Kiloex是由Yzi Labs（以前称为Binance Labs）支持的永久性交易平台，已遭受跨链利用，导致盗窃约700万美元。

The incident began on April 14 with hackers exploiting potential flaws in KiloEx’s price oracle system, granting them opportunistic access to manipulate critical data feeds.

该事件始于4月14日，黑客在Kiloex的价格甲骨文系统中利用潜在缺陷，使他们有机会地操纵关键数据源。

This exploit was used to siphon funds from KiloEx’s mainnet v2 deployment across BNB Smart Chain, Base, and Taiko networks.

该漏洞用于从BNB智能链，基地和Taiko Networks的Mainnet V2部署中汲取资金。

Hackers Used Tornado Cash-Funded Address

黑客使用了龙卷风现金资助的地址

Cyvers' analysts noted that the attacker used an address funded by Tornado Cash to carry out a series of coordinated transactions.

Cyvers的分析师指出，攻击者使用了由Tornado Cash资助的地址进行一系列协调的交易。

On-chain evidence reveals rapid fund movements across multiple chains, highlighting the interconnected nature of DeFi and the ease with which vulnerabilities in one protocol can be used to cascade attacks across different ecosystems.

链上的证据揭示了跨多个链条的快速基金运动，突出了Defi的相互联系性质以及一种方案中脆弱性可用于跨不同生态系统的攻击。

The project, which launched its Token Generation Event (TGE) on March 27 in partnership with Binance Wallet and PancakeSwap, is currently listed on Binance Alpha.

该项目于3月27日与Binance Wallet和Pancakeswap合作启动了代币生成活动（TGE），目前已在Binance Alpha上列出。

“Root cause was a potential price oracle access control vulnerability. The attacker is still actively exploiting the system, and USDC may be subject to blacklisting,” wrote Cyvers.

Cyvers写道：“根本原因是潜在的价格Oracle访问控制漏洞。攻击者仍在积极利用该系统，USDC可能会被黑名单。”

The project was incubated by YZi Labs, an investment and innovation division focused on blockchain startups. Previously branded as Binance Labs, YZi Labs has a portfolio of over 100 projects across various blockchain ecosystems.

该项目是由Yzi Labs孵化的，Yzi Labs是一个专注于区块链初创公司的投资和创新部门。 Yzi Labs以前被称为Binance Labs，在各种区块链生态系统中拥有100多个项目的投资组合。

The launch of KiloEx drew significant attention due to its backing and integration with BNB Smart Chain, a leading blockchain ecosystem known for its high throughput and low transaction fees.

Kiloex的推出引起了人们的重大关注，因为它与BNB Smart Chain的支持和集成，BNB Smart Chain是一个领先的区块链生态系统，以其高吞吐量和低交易费用而闻名。

In response to the incident, KiloEx has suspended its platform and is collaborating closely with renowned security partners—including Seal-911, SlowMist, and Sherlock—to conduct a comprehensive investigation and identify the perpetrators.

为了应对这一事件，Kiloex暂停了其平台，并与著名的安全合作伙伴（包括Seal-911，Slowmist和Sherlock）紧密合作，以进行全面的调查并确定肇事者。

The team is also working tirelessly with relevant exchanges and protocols to track the stolen assets and facilitate their recovery. Furthermore, KiloEx plans to launch a bounty program to encourage white hat hackers to assist in securing the platform and recovering user assets.

该团队还孜孜不倦地进行相关的交流和协议，以跟踪被盗资产并促进他们的康复。此外，Kiloex计划启动一项赏金计划，以鼓励白帽子黑客帮助确保平台并恢复用户资产。

“We are actively collaborating with BNB Chain, Manta Network, and leading blockchain security partners—including Seal-911, SlowMist, and Sherlock—to investigate the recent KiloEx Vault exploit and trace the stolen assets,” the statement reads.

声明写道：“我们正在与BNB连锁店，Manta Network和领先的区块链安全合作伙伴（包括Seal-911，Slowmist和Sherlock）进行研究，以调查最近的Kiloex Vault漏洞利用和追踪被盗资产。”

Our joint efforts are focused on mitigating the impact of the exploit, identifying the root cause of the vulnerability, and bringing those responsible to justice.

我们的共同努力集中在减轻利用的影响，确定脆弱性的根本原因，并将责任的人绳之以法。

We are committed to providing regular updates to the community throughout this process.

在整个过程中，我们致力于为社区提供定期更新。

In the meantime, we urge everyone to remain vigilant and prioritize online safety practices. Together, we can create a safer and more secure blockchain ecosystem for all.

同时，我们敦促所有人保持警惕并确定在线安全惯例。一起，我们可以为所有人创建一个更安全，更安全的区块链生态系统。

The incident has sparked sharp reactions in the market, with KILO token plummeting by 30%. Its market capitalization dropped from $11 million to $7.5 million within hours of the attack.

该事件在市场上引起了急剧的反应，基洛令牌下降了30％。其市值在袭击发生后数小时内从1100万美元下降到750万美元。

As the dust settles, security teams are closely monitoring the attacker’s wallet addresses:

随着尘埃落定，安全团队正在密切监视攻击者的钱包地址：

* ATOM:8888888888888888888888888888888888888888888888888A8A7696

*原子：888888888888888888888888888888888888888888888888888888888A7696

* ATOM:8888888888888888888888888888888888888888888888888A8A7687

*原子：888888888888888888888888888888888888888888888888888888888A7687

* BASE:0x90C94060eA68A36A9902220A6A2686A3A98e6496

*基础：0x90C94060A68A36A36A90222220A6A268A398E6496

The situation remains fluid as remediation efforts continue and the vulnerability is further assessed.

随着补救工作的继续，这种情况仍然是流动的，并进一步评估了脆弱性。