DeFi platform KiloEx to compensate users impacted by $7.5M hack
Decentralized exchange (DEX) KiloEx said it will compensate traders and stakers hurt by a $7.5 million exploit that temporarily shut down the platform earlier in April.
In an April 24 announcement , KiloEx said traders who had positions open while the platform was suspended would get full compensation if their losses increased or profits decreased. The platform said it would pay the difference.
KiloEx urged traders to close their positions immediately once the platform resumes operations, as delaying could affect their profit and losses, which may then impact the compensation amount.
“Please close your position as soon as possible after the platform resumes. Compensation will be calculated based on the platform’s resume time,” KiloEx stated.
For the platform’s Hybrid Vault stakers, KiloEx said that the stolen funds were fully reinjected into the vault. As a result, staker earnings and principal will remain unaffected. However, KiloEx said it will still provide an additional 10% annual percentage yield (APY) as a bonus for eligible stakers.
The bonus APY will be awarded to users who had funds in the vault prior to the platform’s resumption.
On April 15, KiloEx offered a 10% bounty to the hacker who stole the funds from the platform. The DEX said that the hacker could keep $750,000 as a white hat bounty if they decided to return 90% of the stolen funds. The platform threatened to expose the hacker’s identity and take legal action if they did not comply.
Shortly after, security platforms flagged transactions indicating that the KiloEx hacker returned the stolen funds. On April 18, the DEX said it would withdraw all legal action against the hacker and reward them with a 10% white hat bounty.
KiloEx hacker exploited a price oracle vulnerability
On April 14, KiloEx suspended its platform after containing the exploit that led to the $7.5 million in losses. Security firm PeckShield said the attacker likely exploited a price oracle vulnerability that allowed them to inflate the prices to gain more profit than they should have.
In a post-mortem published by KiloEx, the platform confirmed that the attacker exploited a permissionless function. The DEX said the attacker crafted a request that only authorized entities should have been able to do.
Using this, the attacker opened a position at an “artificially low price.” This was followed by closing the position at a higher price, providing illegitimate profit to the attacker.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
Senate majority leader fast-tracks GENIUS Act to regulate stablecoins
Share link:In this post: Senate majority leader John Thune took steps to fast-track the GENIUS Act. Bill Hagerty may release an updated version of the GENIUS Act soon. Arthur Wilmarth believes the bill is deeply flawed.
Canada’s new Prime Minister will meet Trump to revive trading relations
Share link:In this post: Prime Minister Mark Carney will meet Donald Trump in Washington to address trade tensions. Canada plans to counter US tariffs affecting its key industries like auto and steel. King Charles will open Canada’s new parliament in Ottawa on May 27.
Google gets September court date to begin fight for its ad tech business
Share link:In this post: Google will face a U.S. antitrust trial starting September 22, 2025. The DOJ wants the tech giant to remove its key advertising tools, specifically its publisher ad server and ad exchange tools. The DOJ is attempting to force a sale of the Chrome web browser.
Charles Hoskinson Teases AI Agents Will Testrun Ouroboros Leios
Trending news
MoreCrypto prices
More
