KiloEx loses $7 million in oracle manipulation attack

KiloEx, a decentralized exchange (DEX) for trading perpetual futures contracts, fell victim to a sophisticated attack on Tuesday that left users reeling from losses of about $7 million.
The exploit unfolded across multiple blockchain networks and appears to stem from a vulnerable price oracle system, according to blockchain analysis companies.
The attacker, using a wallet funded through Tornado Cash (a tool that obscures transaction trails), executed a series of transactions on the Base, BNB Chain and Taiko networks to exploit a flaw in the platform's price oracle system, which allowed the attacker to manipulate asset prices.
KiloEx has since confirmed the breach and suspended operations, and is now working with partners to trace the stolen funds and blacklist the attacker's wallet.
Oracles are blockchain tools that relay external data of any kind onto the blockchain, where smart contracts use that data to make decisions for financial applications. For example, an oracle tells the platform whether ether (ETH) is worth $2,000 or $3,000, ensuring that trading happens at fair market prices.
But oracles can be a weak link. In the KiloEx case, the attacker exploited a vulnerability in access to the oracle: essentially, a flaw that let them tamper with the data using flash loans (temporary liquidity) that tricked the system into accepting false prices.
The attacker manipulated the oracle into reporting an absurd price for ETH (for example, $100) when opening a leveraged trading position. Leverage lets traders borrow money to amplify their bets, so a fake price can create huge distortions.
This made the position appear to show a large profit, which the attacker then withdrew from KiloEx's vault. The attacker repeated this across the Base, BNB Chain and Taiko networks, exploiting KiloEx's cross-chain setup to maximize gains before the platform could react.
In a single transaction, the attacker netted $3.12 million in one step.
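The check below is an added illustration, not code from KiloEx or from the original article: it shows why a fake $100 ETH price turns a leveraged position into a large paper profit, and how a guard that compares a submitted price against the median of fresh, independent reference quotes refuses it. The function names, the 5% deviation bound, the 60-second freshness window and the sample quotes are assumptions constructed for the example.

```python
from statistics import median

MAX_DEVIATION = 0.05    # assumed bound: reject prices more than 5% from the reference
MAX_AGE_SECONDS = 60    # assumed freshness window for reference quotes

def reference_price(quotes, now):
    """Median of fresh quotes from independent feeds; quotes = [(price, timestamp), ...]."""
    fresh = [p for p, ts in quotes if p > 0 and now - ts <= MAX_AGE_SECONDS]
    if len(fresh) < 2:
        # Fail closed: with too few fresh sources there is nothing to compare against.
        raise ValueError("not enough fresh reference quotes")
    return median(fresh)

def accept_price(submitted, quotes, now):
    """True only if the submitted oracle price is within MAX_DEVIATION of the reference."""
    ref = reference_price(quotes, now)
    return abs(submitted - ref) / ref <= MAX_DEVIATION

def paper_pnl(collateral, leverage, entry_price, mark_price):
    """Unrealized profit of a long position whose notional is collateral * leverage."""
    size_in_asset = collateral * leverage / entry_price
    return size_in_asset * (mark_price - entry_price)

def open_long(collateral, leverage, submitted, quotes, now):
    """Open a position only at a price that passes the guard; otherwise refuse."""
    if not accept_price(submitted, quotes, now):
        raise ValueError(f"oracle price {submitted} rejected by deviation guard")
    return {"collateral": collateral, "leverage": leverage, "entry": submitted}

# Constructed sample data: three fresh reference quotes and one stale outlier.
NOW = 1_000_000
QUOTES = [(2995.0, NOW - 5), (3000.0, NOW - 12), (3004.0, NOW - 30), (100.0, NOW - 4000)]

if __name__ == "__main__":
    # Without a guard: $1,000 collateral at 10x, entered at a fake $100, marked at $3,000.
    print("paper profit at fake entry:", paper_pnl(1_000, 10, 100.0, 3000.0))
    # At an honest entry price the same position shows no profit.
    print("paper profit at honest entry:", paper_pnl(1_000, 10, 3000.0, 3000.0))
    print("reference price:", reference_price(QUOTES, NOW))
    print("accept 3010.0:", accept_price(3010.0, QUOTES, NOW))
    try:
        open_long(1_000, 10, 100.0, QUOTES, NOW)
    except ValueError as err:
        print("refused:", err)
```
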
This is not the first time a DeFi platform has been hit by oracle manipulation. Similar attacks targeted Mango Markets in 2022, which lost $100 million, and Cream Finance in 2021, with losses of $130 million.