Crypto Flexs
  • DIRECTORY
  • CRYPTO
    • ETHEREUM
    • BITCOIN
    • ALTCOIN
  • BLOCKCHAIN
  • EXCHANGE
  • TRADING
  • SUBMIT
Crypto Flexs
  • DIRECTORY
  • CRYPTO
    • ETHEREUM
    • BITCOIN
    • ALTCOIN
  • BLOCKCHAIN
  • EXCHANGE
  • TRADING
  • SUBMIT
Crypto Flexs
Home»HACKING NEWS»$ 7.5m kilo X hacking inside
HACKING NEWS

$ 7.5m kilo X hacking inside

By Crypto FlexsJune 15, 20253 Mins Read
Facebook Twitter Pinterest LinkedIn Tumblr Email
$ 7.5m kilo X hacking inside
Share
Facebook Twitter LinkedIn Pinterest Email

On April 14, 2025, the KiloEX protocol suffered a loss of $ 7.5 million for significant violations of security. This event comes from the Oracle operation attack and emphasizes the important vulnerabilities of the protocol access control mechanism. Let’s find out what happened and what we can learn.

Root cause

The root of the exploit was the access control of the protocol. MinimalForwardercontract. Contract inherited from Openzeppelin ‘s MinimalForwarderUpgradeable It contains vulnerabilities executeA function that does not correctly check the signature of the data provided.

Trust model

The KiloEX protocol was operated as a complex trust model related to multiple contracts.

  • KilopriceFeed → Goalkeeper
  • Goalkeeper → Position Keeper
  • Position Keeper → Minimum forward
  • Minimum forward → Unlimited access

Critical defects are in the final link of this chain. MinimalForwarder contract I trusted the request that comes in.

Attack vector

The attacker exploited vulnerabilities by producing malicious transactions that detour intended access controls. You just need to offer the attack successfully.

  1. valid from Address (it can be obtained from previous transactions)
  2. valid signature (Also observed in the warm chain data)
  3. All arbitrary to Address (in this case Position keeper))
  4. custom data To run the function

Especially this attack MinimalForwarder The contract was not transparent and could not be found on the BSC or base.

Running attack

The attacker has been exploited through a series of calculated stages.

  1. We manipulated Oracle to lower asset prices.
  2. I opened a long position at an artificially low price.
  3. In order to raise the price, we manipulated Oracle again.
  4. Closed location for significant profits

Influence and meaning

This case reminds me of some important security principles.

  1. Access control is important Even inherited contracts require careful review and potential modifications to meet specific security requirements.
  2. Trust model verification -The complex trust relationship between contracts requires thorough verification at each stage.
  3. Oracle security -The price feed mechanism remains an important attack vector in the Defi protocol.

Evidence

The attack has been run in several chains.

Binance Smart Chain:

base:

Main takeout

  • Always review and test inherited contracts, especially access control mechanisms.
  • For security analysis, you should be able to identify and access contract implementation.
  • It is dangerous to rely on a single access control point. Implement a deep defense.

conclusion

For protocols to prevent similar events:

  1. Implement a strong signature verification in the contract delivery
  2. Keep a clear document on trust relationship between contracts
  3. Regular security audit focused on access control mechanisms
  4. Consider the implementation of the circuit breaker for significant price fluctuations.

This event shows the potential result of overlooking the importance of thorough security and the development of smart contracts.

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

Guardian Rewards – Vault12

July 2, 2026

REAL launches confidentiality layer to expand institutional RWA adoption.

June 30, 2026

Crypto Inheritance: A Guide for Lawyers

June 26, 2026
Add A Comment

Comments are closed.

Recent Posts

UK Online Leisure in 2026: How will cryptocurrency-friendly entertainment grow?

July 3, 2026

$437 Billion In Trading Volume, Offering Access To 7,000+ US Stocks And ETFs

July 3, 2026

Guardian Rewards – Vault12

July 2, 2026

Seamless Spending With Up To 120 USDT In Rewards

July 2, 2026

Banks Move on Euro Stablecoins

July 2, 2026

ORBS) Reports Total Holdings Of Approximately $386 Million, Includes OpenAI, Beast Industries, More Than 16,000 ETH And Over 283 Million WLD Tokens

July 2, 2026

JPMorgan Chase CEO opposes the Clarity Act and said banks will fight the bill in upcoming price hikes.

July 2, 2026

CZ blocks ETF withdrawal with $1 million Bitcoin call

July 2, 2026

Valle Capital Token Launches RWA And Agribusiness Ecosystem

July 1, 2026

Chainlink Price Prediction: Record Network Growth Meets Weak Tech

July 1, 2026

Ethereum Institutional Launches As Independent Non-Profit To Bring Institutional Finance Onchain At Scale

July 1, 2026

Crypto Flexs is a Professional Cryptocurrency News Platform. Here we will provide you only interesting content, which you will like very much. We’re dedicated to providing you the best of Cryptocurrency. We hope you enjoy our Cryptocurrency News as much as we enjoy offering them to you.

Contact Us : Partner(@)Cryptoflexs.com

Top Insights

UK Online Leisure in 2026: How will cryptocurrency-friendly entertainment grow?

July 3, 2026

$437 Billion In Trading Volume, Offering Access To 7,000+ US Stocks And ETFs

July 3, 2026

Guardian Rewards – Vault12

July 2, 2026
Most Popular

FLock.io and Animoca Brands partner to strengthen decentralized AI development

November 3, 2024

Last week, asset outflows from cryptocurrency funds reached $500 million.

January 29, 2024

Blast TVL exceeds $1 billion in 40 days

December 29, 2023
  • Home
  • About Us
  • Contact Us
  • Disclaimer
  • Privacy Policy
  • Terms and Conditions
© 2026 Crypto Flexs

Type above and press Enter to search. Press Esc to cancel.