Decentralized finance platform KiloEx is reeling from a significant crypto exchange hack, reporting a $7.4 million loss to Hong Kong authorities and assuring users of a forthcoming compensation plan. The incident highlights ongoing security challenges within the DeFi sector.
The exchange confirmed collaboration with the police’s Criminal Division and Cybercrime Unit in a detailed update shared publicly. Blockchain security experts SlowMist are also involved, aiding the investigation and attempting to trace the attacker’s identity.
The exploit occurred on April 15 and targeted a vulnerability in price oracle access controls. This weakness allowed an attacker to manipulate the ETH/USD price feed, extracting millions in a swift operation first detected by Cyvers Alerts across multiple blockchains.
Security analysts tracked the distribution of losses: approximately $3.3 million vanished from Base, $3.1 million from opBNB, and $1 million from BSC, totalling $7.4 million, according to on-chain data assessments.
KiloEx moved quickly to patch the vulnerability. The platform stressed that no user positions face liquidation; instead, they will be settled based on price data captured moments before the attack, nullifying exploit-related gains or losses.
In an attempt to recover the funds, KiloEx sent four on-chain messages to the hacker, offering a 10% “white hat” bounty in exchange for the return of the other 90% of the assets. So far, the hacker has not responded, and the stolen digital assets have not moved. KiloEx has published the attacker’s wallet addresses and is coordinating efforts to blacklist them across exchanges.
Addressing User Concerns
KiloEx publicly committed to making affected users whole. “We are currently raising funds and working on a compensation plan to ensure KiloEx users can quickly restore liquidity,” the team stated. Recovery of the platform’s Vault function hinges on finalizing this plan, and existing user funds are confirmed secure.
This incident underscores how critical price feed security is in decentralized finance. Oracle manipulation remains a persistent threat, emphasizing the need for rigorous audits and robust access controls on crypto trading platforms.
The team has refuted speculation about internal collusion, highlighting full transparency with investigators. A detailed incident report is promised pending investigation progress, with trading expected to resume shortly. KiloEx is also offering rewards for external tips that aid the recovery effort.