KiloEx, a recently launched perpetual trading platform supported by YZi Labs (previously known as Binance Labs), has been targeted by a cross-chain exploit resulting in the theft of around $7 million.

The breach, which began on April 14, is still ongoing and has impacted activities on BNB Smart Chain, Base, and Taiko networks.

Hackers managed to siphon off $7 million from KiloEx by utilizing Tornado Cash, as per findings by Cyvers analysts. The attacker utilized a Tornado Cash-funded address to conduct a sequence of organized transactions, taking advantage of potential flaws in KiloEx's price oracle system.

Analysis of on-chain data reveals swift movement of funds across multiple chains, increasing concerns regarding vulnerabilities in the DeFi architecture that spans multiple chains.

KiloEx initiated its Token Generation Event (TGE) on March 27 in collaboration with Binance Wallet and PancakeSwap, and it is currently traded on Binance Alpha.

Cyvers reported, “The primary issue stemmed from a potential vulnerability in price oracle access control. The attacker continues to exploit the system actively, and USDC may face potential blacklisting.”

YZi Labs incubated the project, gaining attention for its ties and integration with BNB Smart Chain.

Following the breach, KiloEx has halted its operations and is working with security partners to probe the breach and locate the stolen funds.

The team has disclosed intentions to launch a bounty program to incentivize ethical hackers to assist in recovering user assets.

After the incident, the KILO token experienced a drastic 30% decline in value, leading to a drop in market capitalization from $11 million to $7.5 million in just a few hours.

Security teams are currently keeping a close eye on the attacker’s wallet addresses. The situation remains fluid as efforts to mitigate the issue persist and a deeper assessment of the vulnerability is carried out.