KiloEx Releases Hack Incident Analysis: Due to a missing function override in the smart contract, the attacker was able to steal assets cross-chain and has since returned 90%.

Blockbeats

Yesterday

BlockBeats News, April 21, KiloEx released a report on the root cause of the hack on April 21. The report pointed out that the incident was caused by the TrustedForwarder contract in its smart contract inheriting from OpenZeppelin's MinimalForwarderUpgradeable but failing to override the execute method, allowing this function to be called arbitrarily. The attack occurred from 18:52 to 19:40 (UTC) on April 14, with the attacker deploying malicious contracts on chains such as opBNB, Base, BSC, Taiko, B2, and Manta.

After negotiating with the attacker, KiloEx agreed to let them keep 10% as a bounty, and the remaining assets (including USDT, USDC, ETH, BNB, WBTC, and DAI) have all been returned to the project's multi-sig wallet. The platform has completed the vulnerability fix and resumed operations.

Disclaimer: Investing carries risk. This is not financial advice. The above content should not be regarded as an offer, recommendation, or solicitation on acquiring or disposing of any financial products, any associated discussions, comments, or posts by author or other users should not be considered as such either. It is solely for general information purpose only, which does not consider your own investment objectives, financial situations or needs. TTM assumes no responsibility or warranty for the accuracy and completeness of the information, investors should do their own research and may seek professional advice before investing.

Most Discussed

1
2
3
4
5
6
7
8
9
10

{"basename":"","ssrTDKData":{"titleTemplate":"%s - Tiger Brokers","title":"Tiger Brokers | Global Stocks, Options & Futures Trading App","description":"Tiger Brokers, one-stop investment in US stocks, SGX stocks, HK stocks, A-shares & other global assets. One of the best stock trading platforms in Singapore.","keywords":"tiger brokers,tiger trade,tiger brokers singapore,broker online,stock trading in singapore,share trading singapore,brokerage firm singapore,trading app,stock broker singapore,stock trading platforms,trading account","social":{"ogDescription":"Tiger Brokers, one-stop investment in US stocks, SGX stocks, HK stocks, A-shares & other global assets. One of the best stock trading platforms in Singapore.","ogImage":"https://c1.itigergrowtha.com/portal5/static/media/og-logo.be62fbe1.png","ogUrl":"https://www.itiger.com/news/2529872910"},"companyName":"Tiger Brokers"},"pageData":{"isMobile":false,"isTiger":false,"isTTM":true,"region":"SGP","license":"TBSG","edition":"fundamental"},"__swrFallback__":{"@#url:\"https://stock-news.skytigris.cn/v3/news\",params:#id:\"2529872910\",edition:\"fundamental\",,,undefined,":{"share":"https://ttm.financial/m/news/2529872910?lang=en_US&edition=fundamental","thumbnail":"","is_english":true,"pubTime":"2025-04-21 19:02","share_image_url":"https://static.laohu8.com/e9f99090a1c2ed51c021029395664489","id":"2529872910","market":"us","top_or_hot":-1,"title":"KiloEx Releases Hack Incident Analysis: Due to a missing function override in the smart contract, the attacker was able to steal assets cross-chain and has since returned 90%.","media":"Blockbeats","content":"<html><body><div><p>BlockBeats News, April 21, KiloEx released a report on the root cause of the hack on April 21. The report pointed out that the incident was caused by the TrustedForwarder contract in its smart contract inheriting from OpenZeppelin's MinimalForwarderUpgradeable but failing to override the execute method, allowing this function to be called arbitrarily. The attack occurred from 18:52 to 19:40 (UTC) on April 14, with the attacker deploying malicious contracts on chains such as opBNB, Base, BSC, Taiko, B2, and Manta.</p><p>After negotiating with the attacker, KiloEx agreed to let them keep 10% as a bounty, and the remaining assets (including USDT, USDC, ETH, BNB, WBTC, and DAI) have all been returned to the project's multi-sig wallet. The platform has completed the vulnerability fix and resumed operations.</p></div></body></html>","source":"theblockbeats_live","html":"<!DOCTYPE html>\n<html>\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />\n<meta name=\"viewport\" content=\"width=device-width,initial-scale=1.0,minimum-scale=1.0,maximum-scale=1.0,user-scalable=no\"/>\n<meta name=\"format-detection\" content=\"telephone=no,email=no,address=no\" />\n<title>KiloEx Releases Hack Incident Analysis: Due to a missing function override in the smart contract, the attacker was able to steal assets cross-chain and has since returned 90%.</title>\n<style type=\"text/css\">\na,abbr,acronym,address,applet,article,aside,audio,b,big,blockquote,body,canvas,caption,center,cite,code,dd,del,details,dfn,div,dl,dt,\nem,embed,fieldset,figcaption,figure,footer,form,h1,h2,h3,h4,h5,h6,header,hgroup,html,i,iframe,img,ins,kbd,label,legend,li,mark,menu,nav,\nobject,ol,output,p,pre,q,ruby,s,samp,section,small,span,strike,strong,sub,summary,sup,table,tbody,td,tfoot,th,thead,time,tr,tt,u,ul,var,video{ font:inherit;margin:0;padding:0;vertical-align:baseline;border:0 }\nbody{ font-size:16px; line-height:1.5; color:#999; background:transparent; }\n.wrapper{ overflow:hidden;word-break:break-all;padding:10px; }\nh1,h2{ font-weight:normal; line-height:1.35; margin-bottom:.6em; }\nh3,h4,h5,h6{ line-height:1.35; margin-bottom:1em; }\nh1{ font-size:24px; }\nh2{ font-size:20px; }\nh3{ font-size:18px; }\nh4{ font-size:16px; }\nh5{ font-size:14px; }\nh6{ font-size:12px; }\np,ul,ol,blockquote,dl,table{ margin:1.2em 0; }\nul,ol{ margin-left:2em; }\nul{ list-style:disc; }\nol{ list-style:decimal; }\nli,li p{ margin:10px 0;}\nimg{ max-width:100%;display:block;margin:0 auto 1em; }\nblockquote{ color:#B5B2B1; border-left:3px solid #aaa; padding:1em; }\nstrong,b{font-weight:bold;}\nem,i{font-style:italic;}\ntable{ width:100%;border-collapse:collapse;border-spacing:1px;margin:1em 0;font-size:.9em; }\nth,td{ padding:5px;text-align:left;border:1px solid #aaa; }\nth{ font-weight:bold;background:#5d5d5d; }\n.symbol-link{font-weight:bold;}\n/* header{ border-bottom:1px solid #494756; } */\n.title{ margin:0 0 8px;line-height:1.3;color:#ddd; }\n.meta {color:#5e5c6d;font-size:13px;margin:0 0 .5em; }\na{text-decoration:none; color:#2a4b87;}\n.meta .head { display: inline-block; overflow: hidden}\n.head .h-thumb { width: 30px; height: 30px; margin: 0; padding: 0; border-radius: 50%; float: left;}\n.head .h-content { margin: 0; padding: 0 0 0 9px; float: left;}\n.head .h-name {font-size: 13px; color: #eee; margin: 0;}\n.head .h-time {font-size: 11px; color: #7E829C; margin: 0;line-height: 11px;}\n.small {font-size: 12.5px; display: inline-block; transform: scale(0.9); -webkit-transform: scale(0.9); transform-origin: left; -webkit-transform-origin: left;}\n.smaller {font-size: 12.5px; display: inline-block; transform: scale(0.8); -webkit-transform: scale(0.8); transform-origin: left; -webkit-transform-origin: left;}\n.bt-text {font-size: 12px;margin: 1.5em 0 0 0}\n.bt-text p {margin: 0}\n</style>\n</head>\n<body>\n<div class=\"wrapper\">\n<header>\n<h2 class=\"title\">\nKiloEx Releases Hack Incident Analysis: Due to a missing function override in the smart contract, the attacker was able to steal assets cross-chain and has since returned 90%.\n</h2>\n\n<h4 class=\"meta\">\n\n\n2025-04-21 19:02 GMT+8&nbsp;&nbsp;&nbsp;<a href=https://www.theblockbeats.info//en/flash/290564><strong>Blockbeats</strong></a>\n\n\n</h4>\n\n</header>\n<article>\n<div>\n<p>BlockBeats News, April 21, KiloEx released a report on the root cause of the hack on April 21. The report pointed out that the incident was caused by the TrustedForwarder contract in its smart ...</p>\n\n<a href=\"https://www.theblockbeats.info//en/flash/290564\">Source Link</a>\n\n</div>\n\n\n</article>\n</div>\n</body>\n</html>\n","isBrief":false,"type":0,"news_type":1,"symbol":"FT_SY_BTC","symbol_name":"CME比特币","start_time":0,"source_url":"https://www.theblockbeats.info//en/flash/290564","article_id":"2529872910","we_media_id":null,"thumbnails":[],"rights":null,"url":"https://stock-news.laohu8.com/highlight/detail?id=2529872910","pubTimestamp":1745233320,"columns":[],"sourceInfo":{"source_id":"theblockbeats_live","name":"Blockbeats快讯"},"weMediaInfo":null,"summary":"BlockBeats News, April 21, KiloEx released a report on the root cause of the hack on April 21. The report pointed out that the incident was caused by the TrustedForwarder contract in its smart contrac","collect":0,"end_time":0,"defaultTopTitle":"theblockbeats.info","property":[],"viewcount":null,"language":"en","relate_stocks":{"BK4601":"加密货币现货ETF","ETH":"迷你以太坊ETF-Grayscale","USDC":"USDATA Corp.","BTC":"Grayscale Bitcoin Mini Trust"},"translate_title":"KiloEx发布黑客事件分析：由于智能合约中缺少功能覆盖，攻击者能够跨链窃取资产，此后已返还90%。","themeId":null,"isJumpTheme":false,"ttsUrl":null,"symbols_score_info":{"BTC":1,"ETH":1,"BTCmain":1,"XBTmain":1,"USDC":1},"content_text":"BlockBeats News, April 21, KiloEx released a report on the root cause of the hack on April 21. The report pointed out that the incident was caused by the TrustedForwarder contract in its smart contract inheriting from OpenZeppelin's MinimalForwarderUpgradeable but failing to override the execute method, allowing this function to be called arbitrarily. The attack occurred from 18:52 to 19:40 (UTC) on April 14, with the attacker deploying malicious contracts on chains such as opBNB, Base, BSC, Taiko, B2, and Manta.After negotiating with the attacker, KiloEx agreed to let them keep 10% as a bounty, and the remaining assets (including USDT, USDC, ETH, BNB, WBTC, and DAI) have all been returned to the project's multi-sig wallet. The platform has completed the vulnerability fix and resumed operations.","kind":"highlight","is_publish_news":true,"is_publish_highlight":false,"is_publish_live":false,"is_publish_wemedia":null,"editions":null,"column":"","sentiment":"0","news_tag":"","news_rank":0,"symbols":[],"gpt_button":1,"code":"91000000","status":"200"}}}