Hacker Drains $7.5M From KiloEX Using Simple Oracle Manipulation

KiloEX confirmed that it suffered a $7.5 million exploit because of a vulnerability in its price oracle system.


This prompted an immediate platform suspension and a broad investigation involving major cybersecurity firms. Separately, Emblem Vault CEO Jake Gallen lost more than $100,000 in a sophisticated Zoom-based social engineering attack by the hacker group “ELUSIVE COMET.” Meanwhile, Mantra CEO John Mullin denied all of the allegations of insider selling before the OM token's recent 90% crash. He also challenged the accuracy of wallet attribution and pledged to release on-chain proof to clear major investors like Laser Digital and Shorooq Partners.

KiloEX Suffers Major $7.5 Million Exploit

Decentralized exchange KiloEX confirmed that it suffered a $7.5 million exploit. This led to the immediate suspension of its platform as the team works to trace and recover the stolen funds. 

In a statement that was issued on April 14, KiloEX said it is collaborating with security partners and ecosystem players to investigate the incident and prevent any more losses. The team is analyzing how the attack happened and also committed to releasing a full post-mortem report alongside a bounty program for those who help in recovering the assets.

The breach seems to have exploited a vulnerability related to the platform's price oracle mechanism. Analysts from cybersecurity firm PeckShield suggested that the attacker manipulated the ETH/USD price feed, initially opening a position with an artificial price of 100 and then closing it with an inflated price of 10,000. This allowed the attackers to gain over $3.1 million in a single transaction. The firm confirmed that stolen assets included $3.3 million on Base, $3.1 million on opBNB, and $1 million on BNB Smart Chain.

It was also revealed that the attacker is routing the stolen funds through protocols like zkBridge and Meson. KiloEX is urgently engaging with both protocols to halt transactions and prevent additional losses. The platform is also working with BNB Chain, Manta Network, and prominent cybersecurity firms including Seal-911, SlowMist, and Sherlock to support the cross-ecosystem investigation.

Chaofan Shou, co-founder of blockchain analytics firm Fuzzland, stated that the root cause was a poorly secured price oracle system. According to Shou, the platform allowed anyone to change the price oracle, validating only the intermediary caller and not the actual origin of the transaction, which made it vulnerable to such manipulation. He described the exploit as a "very simple vulnerability."
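The flaw Shou describes can be shown with a simplified model; this is an added example, not KiloEX's code, and every name in it (Forwarder, Oracle, KEEPER, OUTSIDER, the collateral figure) is a hypothetical or constructed value. It contrasts a price setter that checks only the intermediary caller with one that also checks the origin of the call, and shows what a 100 to 10,000 price swing does to a position.

```python
# Simplified model of the access-control flaw described above. All names
# (Forwarder, Oracle, KEEPER, ...) are hypothetical, not KiloEX's contracts.

KEEPER = "0xKeeper"        # constructed: the only account meant to post prices
OUTSIDER = "0xOutsider"    # constructed: an arbitrary, unauthorized account


class Oracle:
    def __init__(self, trusted_forwarder, keepers, check_origin):
        self.trusted_forwarder = trusted_forwarder
        self.keepers = set(keepers)
        self.check_origin = check_origin   # False = flawed, True = hardened
        self.price = None

    def set_price(self, msg_sender, origin, price):
        # Both variants verify the immediate caller (the intermediary).
        if msg_sender != self.trusted_forwarder:
            raise PermissionError("caller is not the trusted forwarder")
        # Only the hardened variant verifies who started the call chain.
        if self.check_origin and origin not in self.keepers:
            raise PermissionError("origin is not an authorized keeper")
        self.price = price


class Forwarder:
    """Intermediary that relays calls for anyone and passes the origin along."""
    address = "0xForwarder"

    def relay_set_price(self, oracle, origin, price):
        oracle.set_price(msg_sender=self.address, origin=origin, price=price)


def try_update(check_origin, origin, price):
    """Return the oracle price after an update attempt, or None if rejected."""
    oracle = Oracle(Forwarder.address, [KEEPER], check_origin)
    try:
        Forwarder().relay_set_price(oracle, origin, price)
    except PermissionError:
        return None
    return oracle.price


def long_pnl(collateral, open_price, close_price):
    """Profit of an unleveraged long opened and closed at oracle prices."""
    return collateral * (close_price - open_price) / open_price
```

With the origin check disabled, the oracle accepts a price from any account because the forwarder is always the immediate caller; with it enabled, only the keeper's update goes through.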

After the news of the exploit was made public, the price of KiloEX’s native token, Kilo, plummeted by more than 29% to $0.03606. The breach is particularly ill-timed, as it happened just one day after KiloEX announced a strategic partnership with Dubai-based Web3 investment firm DWF Labs.


Kilo’s price action over the past 24 hours (Source: CoinMarketCap)

The partnership is aimed at expanding the platform’s market presence and accelerating its growth. DWF Labs recently launched a $250 million Liquid Fund to support blockchain projects.

Zoom Call Leads to Crypto Theft

Other threats are also plaguing the crypto community. Jake Gallen, the CEO of non-fungible token platform Emblem Vault, issued a public warning after falling victim to a very sophisticated scam that led to the theft of more than $100,000 worth of digital assets. 

In a series of posts on X, Gallen revealed that his computer was fully compromised during a Zoom call, which resulted in the loss of Bitcoin and Ethereum from several crypto wallets. The attack has been linked to a threat actor known as “ELUSIVE COMET,” who is reportedly behind a wider campaign targeting crypto users.

Gallen explained that the scam took place during a video call arranged with a verified X account that claimed to be the CEO of a crypto mining platform. During the call, Gallen was persuaded to enable the installation of malware, later identified as “GOOPDATE,” which captured sensitive credentials and drained his wallets. The attacker left their camera off throughout the conversation, and exploited a Zoom feature that allows users to request remote access—something that is enabled by default on all accounts.

By working with cybersecurity firm The Security Alliance (SEAL), Gallen traced the attack to ELUSIVE COMET. The group is reportedly responsible for multiple high-profile thefts across the crypto space. SEAL explained that the attacker employs advanced social engineering tactics and maintains a convincing digital presence through entities like Aureon Capital, which falsely presents itself as a legitimate venture capital firm. 

Other people in the industry, including NFT collector Leonidas, also shared the warning, and advised crypto professionals to disable Zoom’s default remote access settings. SEAL researcher Samczsun clarified that, while users must still grant access manually, the feature’s presence makes social engineering a lot easier and riskier. 

The threat extends beyond stolen assets: Gallen’s X account was also compromised in a failed attempt to lure more victims via private messages. To make things worse, Gallen shared that the attackers accessed his Ledger hardware wallet despite limited usage and no digital storage of its credentials.

SEAL urged anyone who communicated with Aureon Capital to contact their emergency hotline on Telegram for assistance. 

Mantra and Backers Reject Claims of Pre-Crash Token Dump

Meanwhile, Mantra CEO John Mullin denied claims that major investors sold large amounts of OM tokens ahead of the token’s sharp collapse on April 13. In a recent AMA, Mullin said that neither the Mantra team nor its strategic investors, including Laser Digital and Shorooq Partners, were responsible for the sell-offs. He even promised to provide verifiable on-chain evidence.  

This response was provided after reports from Lookonchain and Arkham Intelligence alleged that wallets linked to Laser Digital moved approximately $227 million worth of OM tokens to exchanges before the crash.

Laser Digital, a Nomura-backed firm, strongly denied any involvement. The firm stated that the wallets in question were misidentified and that it did not participate in the OM token sell-off. Shorooq Partners also denied selling any tokens, and explained that a wallet associated with one of its founding partners only conducted internal transfers, not sales. Both investors also clarified that they are still fully committed to Mantra.

Mullin questioned the accuracy of Arkham’s wallet labels and stated that the firm has no knowledge of the identities behind the addresses that sold OM tokens. He stressed that none of the implicated wallets belong to Mantra’s institutional partners and specifically cited a transparency report that was released earlier by the project.

Meanwhile, major exchanges involved in the trading activity offered some different views on the situation. Binance attributed the collapse to “cross-exchange liquidations,” while OKX flagged concerns over Mantra’s changing tokenomics and described the event as harmful to the broader crypto industry. The investigation into the cause of the crash and the identity of the sellers is still ongoing.