NullTX

$7 Million Exploit Hits KiloEx: Flawed Access Control Allows Price Manipulation Across Multiple Chains

  • A critical flaw in decentralized perpetual exchange KiloEx allowed an attacker to siphon off around $7 million by manipulating oracle prices.
  • The exploit affected three chains—BNB Chain, Base, and Taiko—and highlighted issues with decentralized finance protocols.
  • The attacker exploited a weak contract design to manipulate the price feeds behind the KiloEx platform's oracle-based pricing mechanism.
  • Ahead of the exploit campaign, dubious transactions that used Tornado Cash to obscure the origin of funds triggered alarms.
  • The attacker gained control over price-setting mechanisms through the MinimalForwarder contract, leading to fund drainage.
  • The attack unfolded by exploiting the access control flaw in the MinimalForwarder contract to manipulate prices and drain funds.
  • The exploit enabled the attacker to open and close positions at distorted price levels, causing significant financial losses.
  • The attacker's deep knowledge of KiloEx's smart contract framework and weaknesses facilitated the sophisticated attack.
  • The breach underscores the importance of robust access controls in smart contract systems, particularly in oracles and trading mechanisms.
  • The DeFi community calls for stringent audit standards and security testing to prevent similar exploits in the future.
