TL;DR
- KiloEX suffered a $7.5 million theft following an attack that manipulated its price oracle; the Kilo token dropped more than 29% after the incident.
- Jake Gallen, CEO of Emblem Vault, lost over $100,000 in a Zoom-based attack linked to the group “ELUSIVE COMET,” which used malware to access his wallets.
- John Mullin, CEO of Mantra, denied any pre-crash sales of the OM token and promised on-chain evidence; Laser Digital and Shorooq also rejected their involvement.
A new security incident hit decentralized platform KiloEX, which suspended operations after suffering a $7.5 million exploit.
The attack revealed a critical flaw in its price oracle system. The attacker manipulated the ETH/USD pair, opening a position with an artificial price of 100 and closing it at 10,000, allowing them to extract funds with no real backing. The stolen assets were distributed across Base, opBNB, and BNB Smart Chain. According to cybersecurity firm PeckShield, the attacker routed the funds through zkBridge and Meson, making them harder to trace.
🚨 Security Incident Announcement: KiloEx Vault Exploit
Dear KiloEx Community,
We regret to inform you that the KiloEx Vault has been exploited. The attacker’s wallet address is:
0x00fac92881556a90fdb19eae9f23640b95b4bcbd
We urge all partner protocols and platforms to…— KiloEx (@KiloEx_perp) April 14, 2025
KiloEX Moves to Recover the Funds
The KiloEX team launched an investigation in collaboration with BNB Chain, Manta Network, and cybersecurity firms including Seal-911, SlowMist, and Sherlock. They also announced a bounty for anyone who helps recover the funds. Chaofan Shou from Fuzzland explained that the system allowed the oracle to be modified without verifying the original source of the transaction, which enabled the attack. The Kilo token price fell over 29% after the incident, just one day after the platform announced a partnership with DWF Labs.
Other Incidents in the Industry
Meanwhile, Emblem Vault CEO Jake Gallen reported losing over $100,000 in crypto after a Zoom call. The meeting was organized by a verified X account impersonating another CEO. During the call, Gallen allowed the installation of a malicious file named “GOOPDATE.” The attacker, linked to the group “ELUSIVE COMET,” accessed his credentials and drained multiple wallets, including a Ledger. They also attempted to compromise his X account to target additional victims. The firm SEAL identified the group as responsible for several recent scams. They recommended disabling Zoom’s default remote access features.
Finally, Mantra CEO John Mullin denied that major project investors sold OM tokens before the token’s 90% collapse. Mullin pledged to provide blockchain-based evidence and questioned the accuracy of reports linking Laser Digital and Shorooq Partners to suspicious activity. Both investors also denied involvement. Meanwhile, exchanges like Binance and OKX gave differing explanations about the origin of the crash. The investigation remains ongoing.
