KiloEx smart contracts failed to properly verify the original caller in its oracle update logic on April 14, 2025, allowing unauthorized access and enabling the exploit
Claim
Claim
Quotes that support claims
“Anyone can change the Kilo’s price oracle. They did verify that the caller shall be a trusted forwarder, though, but didn’t verify the forwarded caller,” Shou said.
“Anyone can change the Kilo’s price oracle. They did verify that the caller shall be a trusted forwarder, though, but didn’t verify the forwarded caller,” Shou said.
Referenced by
Incident details
Crypto news
Data block
Nature and scope of the attack
Crypto news
Data block
