In an unexpected turn following a significant DeFi exploit, the individual behind the recent $7.4 million KiloEx crypto hack has sent back a portion of the illicitly gained funds.
After days without communication, approximately $1.4 million in USDT was transferred back to a KiloEx-controlled address, as confirmed by blockchain security analysts at PeckShield on April 18. KiloEx, a decentralized perpetuals exchange operating across multiple chains, suffered the multi-million dollar loss on April 15.
[PeckShieldAlert confirming fund return]
The attack exploited a price oracle vulnerability, a common weak point in DeFi protocols where attackers manipulate external price feeds. This allowed the hacker to inflate ETH/USD values, draining $3.3M from Base, $3.1M from opBNB, and $1M from BSC, according to security researchers who initially flagged the incident and traced funds back to the privacy mixer Tornado Cash.
This partial return comes after KiloEx issued a 72-hour deadline to the attacker, offering a 10% ‘white hat’ bounty if the remaining 90% was returned. The exchange publicly warned it was tracking the stolen cryptocurrency and prepared to freeze assets.
When the deadline passed unanswered, KiloEx escalated its response. On April 17, the platform filed a formal report with Hong Kong law enforcement and engaged cybersecurity firm SlowMist to aid the investigation, sharing crucial data with authorities.
While the $1.4 million is significantly less than the 90% KiloEx sought, the return signals a potential shift in the situation. It remains unclear if this represents the start of further negotiations or the full extent of the funds the hacker intends to return. KiloEx has yet to publicly acknowledge the receipt or comment on its next steps regarding the returned assets.
Meanwhile, the exchange is concentrating on restoring full trading functionality and developing a compensation plan for affected users. KiloEx assured its community that existing open positions would be settled based on prices before the exploit occurred, removing the risk of forced liquidations due to the incident.