KiloEx publishes hack root cause analysis: the contract did not override a key function; the attacker has returned 90% of the assets stolen across chains.
Odaily News: On April 21, KiloEx released a root cause analysis report on the hack. According to the report, the incident stemmed from its smart contracts: the TrustedForwarder contract inherited OpenZeppelin's MinimalForwarderUpgradeable but did not override the execute method, so the function could be called by anyone. The attack took place on April 14 from 18:52 to 19:40 (UTC), with the attacker deploying malicious contracts on chains such as opBNB, Base, BSC, Taiko, B2, and Manta to carry it out.
After negotiating with the attacker, KiloEx agreed to let the attacker keep 10% as a bounty, and the remaining assets (covering USDT, USDC, ETH, BNB, WBTC, and DAI) have all been returned to the project's multi-signature wallet. The platform has completed the vulnerability fix and resumed operations.