23Pds, the chief information security officer of SlowMist Technology, tweeted that "the root cause of the Kilo Ex attack is the serious vulnerability in the access control of the price oracle. In simple terms, the oracle should be updated by a trusted role, but due to the lack of necessary permission restrictions, the attacker was able to bypass the verification mechanism and arbitrarily tamper with the asset price to manipulate the contract logic."