{"id":1058,"date":"2025-06-12T12:50:44","date_gmt":"2025-06-12T10:50:44","guid":{"rendered":"https:\/\/ackee.xyz\/blog\/?p=1058"},"modified":"2025-06-12T12:50:44","modified_gmt":"2025-06-12T10:50:44","slug":"inside-the-7-5m-kiloex-hack","status":"publish","type":"post","link":"https:\/\/ackee.xyz\/blog\/inside-the-7-5m-kiloex-hack\/","title":{"rendered":"Inside the $7.5M KiloEx Hack"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">On April 14, 2025, the KiloEx protocol suffered a significant security breach resulting in approximately $7.5 million in losses. The incident stemmed from an oracle manipulation attack, highlighting critical vulnerabilities in the protocol&#8217;s access control mechanisms. Let&#8217;s dive into what happened and what we can learn from it.<\/span><\/p>\n<h2><b>Root cause<\/b><\/h2>\n<p><span style=\"font-weight: 400;\">The root of the exploit was an access control issue in the protocol&#8217;s <code class=\"codehl\">MinimalForwarder<\/code> contract<\/span><span style=\"font-weight: 400;\">. 
The contract, which was inherited from OpenZeppelin&#8217;s <code class=\"codehl\">MinimalForwarderUpgradeable<\/code>, <\/span><span style=\"font-weight: 400;\">contained a vulnerability in its <code class=\"codehl\">execute<\/code><\/span><span style=\"font-weight: 400;\"> function that failed to properly verify signatures against provided data.<\/span><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-1059 size-large\" src=\"https:\/\/abchprod.wpengine.com\/wp-content\/uploads\/2025\/06\/kiloex-1-1024x138.png\" alt=\"\" width=\"1024\" height=\"138\" srcset=\"https:\/\/ackee.xyz\/blog\/wp-content\/uploads\/2025\/06\/kiloex-1-1024x138.png 1024w, https:\/\/ackee.xyz\/blog\/wp-content\/uploads\/2025\/06\/kiloex-1-300x41.png 300w, https:\/\/ackee.xyz\/blog\/wp-content\/uploads\/2025\/06\/kiloex-1-768x104.png 768w, https:\/\/ackee.xyz\/blog\/wp-content\/uploads\/2025\/06\/kiloex-1-1536x208.png 1536w, https:\/\/ackee.xyz\/blog\/wp-content\/uploads\/2025\/06\/kiloex-1-370x50.png 370w, https:\/\/ackee.xyz\/blog\/wp-content\/uploads\/2025\/06\/kiloex-1-760x103.png 760w, https:\/\/ackee.xyz\/blog\/wp-content\/uploads\/2025\/06\/kiloex-1.png 1753w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/p>\n<h3><b>Trust model<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">The KiloEx protocol operated with a complex trust model involving multiple contracts:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">KiloPriceFeed \u2192 Keeper<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Keeper \u2192 PositionKeeper<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">PositionKeeper \u2192 MinimalForwarder<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">MinimalForwarder \u2192 Unrestricted Access<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">The 
critical flaw resided in the final link of this chain, where the <code class=\"codehl\">MinimalForwarder<\/code> contract <\/span><span style=\"font-weight: 400;\">essentially trusted any incoming request.<\/span><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-1060\" src=\"https:\/\/abchprod.wpengine.com\/wp-content\/uploads\/2025\/06\/kiloex-2-1024x246.png\" alt=\"\" width=\"1024\" height=\"246\" srcset=\"https:\/\/ackee.xyz\/blog\/wp-content\/uploads\/2025\/06\/kiloex-2-1024x246.png 1024w, https:\/\/ackee.xyz\/blog\/wp-content\/uploads\/2025\/06\/kiloex-2-300x72.png 300w, https:\/\/ackee.xyz\/blog\/wp-content\/uploads\/2025\/06\/kiloex-2-768x185.png 768w, https:\/\/ackee.xyz\/blog\/wp-content\/uploads\/2025\/06\/kiloex-2-1536x369.png 1536w, https:\/\/ackee.xyz\/blog\/wp-content\/uploads\/2025\/06\/kiloex-2-370x89.png 370w, https:\/\/ackee.xyz\/blog\/wp-content\/uploads\/2025\/06\/kiloex-2-760x183.png 760w, https:\/\/ackee.xyz\/blog\/wp-content\/uploads\/2025\/06\/kiloex-2.png 2037w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/p>\n<h2><b>The attack vector<\/b><\/h2>\n<p><span style=\"font-weight: 400;\">The attacker exploited the vulnerability by crafting malicious transactions that bypassed the intended access controls. 
To successfully execute the attack, they needed only to provide:<\/span><\/p>\n<ol>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">A valid <code class=\"codehl\">from<\/code><\/span><span style=\"font-weight: 400;\">\u00a0address (obtainable from previous transactions)<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">A valid <code class=\"codehl\">signature<\/code><\/span><span style=\"font-weight: 400;\">\u00a0(also observable from on-chain data)<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Any arbitrary <code class=\"codehl\">to<\/code><\/span><span style=\"font-weight: 400;\">\u00a0address (in this case, the <\/span><span style=\"font-weight: 400;\">PositionKeeper<\/span><span style=\"font-weight: 400;\">)<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Custom <code class=\"codehl\">data<\/code><\/span><span style=\"font-weight: 400;\">\u00a0for function execution<\/span><\/li>\n<\/ol>\n<p><span style=\"font-weight: 400;\">What made this attack particularly concerning was that the implementation of the <code class=\"codehl\">MinimalForwarder<\/code> <\/span><span style=\"font-weight: 400;\">contract was not transparent and couldn&#8217;t be found on either BSC or Base.<\/span><\/p>\n<h2><b>Attack execution<\/b><\/h2>\n<p><span style=\"font-weight: 400;\">The attacker executed their exploit through a series of calculated steps:<\/span><\/p>\n<ol>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Manipulated the oracle to decrease the asset price<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Opened long positions at the artificially lowered price<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Manipulated the oracle again to increase the 
price<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Closed positions for significant profit<\/span><\/li>\n<\/ol>\n<h2><b>Impact and implications<\/b><\/h2>\n<p><span style=\"font-weight: 400;\">This incident is a reminder of several critical security principles:<\/span><\/p>\n<ol>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Access control is critical<\/b><span style=\"font-weight: 400;\"> \u2013 Even inherited contracts need careful review and potential modification to ensure they meet specific security requirements.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Trust model verification<\/b><span style=\"font-weight: 400;\"> \u2013 Complex trust relationships between contracts require thorough validation at each step.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Oracle security<\/b><span style=\"font-weight: 400;\"> \u2013 Price feed mechanisms remain a critical attack vector in DeFi protocols.<\/span><\/li>\n<\/ol>\n<h2><b>Transaction evidence<\/b><\/h2>\n<p><span style=\"font-weight: 400;\">The attack was executed across multiple chains:<\/span><\/p>\n<p><b>Binance Smart Chain<\/b><span style=\"font-weight: 400;\">:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><a href=\"https:\/\/bscscan.com\/tx\/0x38b25be14b83fd549d5e0b29ba962db83d41f5f9072d0eac4f692fa8e7110bc0\"><span style=\"font-weight: 400;\">0x38b25be14b83fd549d5e0b29ba962db83d41f5f9072d0eac4f692fa8e7110bc0<\/span><\/a><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><a href=\"https:\/\/bscscan.com\/tx\/0x1aaf5d1dc3cd07feb5530fbd6aa09d48b02cbd232f78a40c6ce8e12c55927d03\"><span style=\"font-weight: 400;\">0x1aaf5d1dc3cd07feb5530fbd6aa09d48b02cbd232f78a40c6ce8e12c55927d03<\/span><\/a><\/li>\n<\/ul>\n<p><b>Base<\/b><span style=\"font-weight: 400;\">:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><a 
href=\"https:\/\/basescan.org\/tx\/0x6b378c84aa57097fb5845f285476e33d6832b8090d36d02fe0e1aed909228edd\"><span style=\"font-weight: 400;\">0x6b378c84aa57097fb5845f285476e33d6832b8090d36d02fe0e1aed909228edd<\/span><\/a><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><a href=\"https:\/\/basescan.org\/tx\/0xde7f5e78ea63cbdcd199f4b109db2a551b4462dec79e4dba37711f6c814b26e6\"><span style=\"font-weight: 400;\">0xde7f5e78ea63cbdcd199f4b109db2a551b4462dec79e4dba37711f6c814b26e6<\/span><\/a><\/li>\n<\/ul>\n<h2><b>Key takeaways<\/b><\/h2>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Always thoroughly review and test inherited contracts, especially their access control mechanisms.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Contract implementations should be verified and accessible for security analysis.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Relying on a single point of access control is risky; implement defense in depth.<\/span><\/li>\n<\/ul>\n<h2><b>Conclusion<\/b><\/h2>\n<p><span style=\"font-weight: 400;\">For protocols looking to prevent similar incidents:<\/span><\/p>\n<ol>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Implement robust signature verification in forwarding contracts<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Maintain clear documentation of trust relationships between contracts<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Regular security audits with focus on access control mechanisms<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Consider implementing circuit breakers for significant price movements<\/span><\/li>\n<\/ol>\n<p><span style=\"font-weight: 400;\">This incident shows the importance of 
thorough security reviews and the potential consequences of overlooking access control mechanisms in smart contract development.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>On April 14, 2025, the KiloEx protocol suffered a significant security breach resulting in approximately $7.5 million in losses. The incident stemmed from an oracle manipulation attack, highlighting critical vulnerabilities in the protocol&#8217;s access control mechanisms. Let&#8217;s dive into what happened and what we can learn from it. Root cause The root of the exploit was an access control issue in the&hellip;<\/p>\n","protected":false},"author":30,"featured_media":1016,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10,84,80],"tags":[24,86,152,64],"class_list":["post-1058","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ethereum","category-hacks","category-solidity","tag-ethereum","tag-hack","tag-kiloex","tag-security"],"featured_image_src":"https:\/\/ackee.xyz\/blog\/wp-content\/uploads\/2025\/03\/Cross-Function-Reentrancy-Attack-600x400.png","featured_image_src_square":"https:\/\/ackee.xyz\/blog\/wp-content\/uploads\/2025\/03\/Cross-Function-Reentrancy-Attack-600x600.png","author_info":{"display_name":"Tom\u00e1\u0161 Kova\u0159\u00edk","author_link":"https:\/\/ackee.xyz\/blog\/author\/tomas-kovarik\/"},"_links":{"self":[{"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/posts\/1058","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/users\/30"}],"replies":[{"embeddable":true,"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/comments?post=1058"}],"version-history":[{"count":0,"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/posts\/1058\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/media\/1016"}],"wp:attachment":[{"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/media?parent=1058"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/categories?post=1058"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/tags?post=1058"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}