Decentralized Perpetuals Exchange KiloEx Reports $7.4 Million Hack, Initiates Compensation Plan

KiloEx, a decentralized perpetuals exchange, has officially reported a recent $7.4 million hack to Hong Kong authorities and is actively working on a compensation plan to address user losses. The exchange announced that it is collaborating with the Criminal Division and Cybercrime Unit of the Hong Kong police, as well as blockchain security firm SlowMist, to investigate the breach and identify the perpetrator.

Details of the Exploit

The security breach, which occurred on April 15, was traced to a vulnerability in the platform’s price oracle access control. This flaw allowed the attacker to manipulate ETH/USD pricing, enabling them to siphon off millions of dollars in a single transaction. The exploit was initially flagged by Cyvers Alerts, which identified suspicious cross-chain activity across Base, Taiko, and BNB Chain.
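The article describes the flaw only at the level of "price oracle access control". As an added illustration, not KiloEx's code (which the article does not show), the Solidity below contrasts a generic, hypothetical oracle pattern whose price update has no caller check with a hardened version that restricts updates to an authorized keeper, bounds per-update deviation, and refuses stale reads. All contract and function names are invented for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration only: hypothetical contracts, not KiloEx's code.
// Vulnerable pattern: any caller can push a new ETH/USD price.
contract UnprotectedOracle {
    uint256 public price; // ETH/USD, 8 decimals

    function setPrice(uint256 newPrice) external {
        price = newPrice; // no access control, no sanity bounds
    }
}

// Hardened pattern: only an authorized keeper may update, and each update
// must stay within a bounded deviation from the last accepted price.
contract GuardedOracle {
    uint256 public price;
    uint256 public updatedAt;
    address public immutable keeper;
    uint256 public constant MAX_DEVIATION_BPS = 500; // 5% per update
    uint256 public constant MAX_AGE = 5 minutes;

    event PriceUpdated(uint256 oldPrice, uint256 newPrice, address indexed by);

    constructor(address keeper_, uint256 initialPrice) {
        require(keeper_ != address(0) && initialPrice > 0, "bad init");
        keeper = keeper_;
        price = initialPrice;
        updatedAt = block.timestamp;
    }

    function setPrice(uint256 newPrice) external {
        require(msg.sender == keeper, "not authorized");
        require(newPrice > 0, "zero price");
        uint256 old = price;
        uint256 diff = newPrice > old ? newPrice - old : old - newPrice;
        // Reject a single update that moves the price more than 5%.
        require(diff * 10_000 <= old * MAX_DEVIATION_BPS, "deviation too large");
        emit PriceUpdated(old, newPrice, msg.sender);
        price = newPrice;
        updatedAt = block.timestamp;
    }

    // Consumers must refuse stale prices rather than settle trades on them.
    function getPrice() external view returns (uint256) {
        require(block.timestamp - updatedAt <= MAX_AGE, "stale price");
        return price;
    }
}
```

The emitted event also gives defenders an on-chain signal to alert on: any `PriceUpdated` from an unexpected address, or an unusually large old-to-new gap, is worth investigating.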

According to blockchain security firm PeckShield, the losses were distributed across multiple chains:

  • Base: $3.3 million
  • opBNB: $3.1 million
  • BSC: $1 million

Response and Mitigation Measures

KiloEx confirmed that the vulnerability has been patched to prevent future exploits. The exchange emphasized that no open positions will be liquidated. Instead, all positions will be closed based on price snapshots taken before the attack occurred. To ensure fairness, profits and losses incurred during the exploit period will not affect final user balances.

In an effort to recover the stolen funds, KiloEx has reached out to the hacker via four on-chain messages, offering to drop all legal pursuits in exchange for 90% of the stolen assets. However, the hacker has not responded, and the funds remain unmoved. To further limit the hacker’s ability to access the stolen funds, KiloEx has published the attacker’s wallet addresses and is working with both centralized and decentralized platforms to block any attempts to move the funds.

Compensation Plan Underway

To reassure its users, KiloEx announced that it is actively raising funds to compensate those affected by the hack. The platform also stated that it will gradually restore its Vault function once the compensation plan is finalized. Importantly, the exchange confirmed that funds stored in the Vault remain secure and unaffected by the breach.

“We are currently raising funds and working on a compensation plan to ensure KiloEx users can quickly restore liquidity,” the exchange stated. “The Vault function will gradually be restored after the compensation plan is finalized. Users’ funds in the Vault remain secure.”

KiloEx also addressed speculation about potential internal involvement in the hack, stating that both SlowMist and law enforcement agencies have been granted full access to its internal data to ensure transparency.

Ongoing Investigation and User Support

The exchange plans to release a comprehensive report on the incident once the investigation is complete. In the meantime, trading is expected to resume shortly. Additionally, KiloEx, which is backed by YZi Labs, has announced bounties for users who provide actionable clues that aid in identifying the hacker or recovering the stolen funds.

While the investigation continues, KiloEx remains committed to restoring user trust and ensuring the security of its platform. For cryptocurrency investors and enthusiasts, this incident serves as a reminder of the importance of robust security measures in decentralized finance.