KiloEx: Missing signature verification in MinimalForwarder → unvalidated oracle price update → multi-chain drain
KiloEx is a multi-chain perpetuals protocol backed by Binance Labs. Their oracle system used a chain of contract trust: . The contract accepted any forged signature with zero validation — anyone could submit arbitrary price updates.
Summary #
KiloEx suffered a Perpetuals DEX on 2025-04-14, resulting in a loss of approximately $7M.
What happened #
KiloEx is a multi-chain perpetuals protocol backed by Binance Labs. Their oracle system used a chain of contract trust: . The contract accepted any forged signature with zero validation — anyone could submit arbitrary price updates.
Linked factors #
- RD-F-001 — causal : ★ Audit scope mismatch — alternate field name [via dashboard_risk_factors/Exploited code in scope?: No — ScaleBit confirmed root cause was outside their scope] || ★ Direct: Audit scope mismatch (report commit ≠ deployed bytecode) [via cross-hack: Factor 1: Audit Scope Mismatch]
- RD-F-004 — causal : Audit count likely 0; floor display [via dashboard_risk_factors/Vulnerability in audited or unaudited code: Unaudited code (out of scope for all 5 audits)]
- RD-F-007 — related : Bug bounty absent — baseline integrity gap [via dashboard_risk_factors/Bug bounty: None pre-exploit (10% offered post-hack)]
- RD-F-090 — illustrative : Mixer withdrawal → protocol interaction [via realtime_signals/Pre-exploit on-chain signals: Tornado Cash funding of attacker wallet (April 13, one day prior); no other on-chain signals before attack]
- RD-F-099 — illustrative : Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly (Y/N): Y — extreme ETH price swings ($100 to $10,000) on-chain during attack; detectable if monitoring oracle price feeds]