Beldex (bdx) 
“`html
KiloEx, a decentralized perpetual exchange, has released a detailed post-mortem report following a $7 million exploit caused by a critical vulnerability in its smart contract. The breach, which occurred due to an oversight in the TrustedForwarder contract, highlights the importance of rigorous security audits in the cryptocurrency space.
What Led to the Exploit?
According to KiloExβs report, the vulnerability originated from the TrustedForwarder contract, which inherited functionality from OpenZeppelinβs MinimalForwarderUpgradeable. The issue arose because the βexecuteβ method was not properly overridden, leaving it permissionless. This critical oversight allowed the attacker to manipulate trading positions across multiple blockchain networks.
The exploit took place on April 13, starting with the attacker withdrawing 1 ETH from Tornado Cash to fund wallets across different chains. By abusing the open method, the hacker managed to open and close positions at favorable prices, completing the exploit in under an hour.
Detection and Impact
The exploit was first flagged by Cyvers Alerts, which detected suspicious cross-chain activity on Base, Taiko, and BNB Chain. Blockchain security firm PeckShield later confirmed that the losses were distributed across Base, opBNB, and BSC. The total damage amounted to $7 million, making this a significant event in the decentralized finance (DeFi) space.
How the Hacker Was Engaged
Following the attack, KiloEx initiated negotiations with the hacker. After prolonged discussions, the attacker agreed to a 10% bounty in exchange for returning the remaining funds. All stolen assets were systematically transferred back to KiloExβs designated Safe multi-signature wallets.
Measures Taken Post-Attack
KiloEx stated that the vulnerability has been fully addressed, and no open trading positions will face liquidation. Instead, all positions will be closed based on price snapshots taken before the exploit occurred. To ensure fairness, profits and losses from the time of the exploit will not be factored into usersβ final account balances.
Additionally, KiloEx collaborated with law enforcement agencies and blockchain security firm SlowMist to investigate the breach. The platform has emphasized its commitment to enhancing security measures to prevent similar incidents in the future.
Key Takeaways for the Crypto Community
This exploit underscores the need for robust security practices in the rapidly evolving DeFi sector. Here are some tips for both platforms and users:
- For Platforms: Conduct thorough smart contract audits and continuously test for vulnerabilities.
- For Users: Diversify investments and avoid allocating significant funds to platforms with limited security records.
- Stay Informed: Keep track of updates from trusted crypto platforms and security firms.
While KiloEx has taken steps to mitigate the damage and restore user confidence, this incident serves as a stark reminder of the risks inherent in decentralized finance. As the industry grows, prioritizing security will be critical to its long-term success.
“`
