According to Cointelegraph, decentralized exchange KiloEx has announced plans to compensate traders and stakers affected by a $7.5 million exploit that temporarily halted its operations in April. In a statement on April 24, KiloEx assured traders with open positions during the suspension that they would receive full compensation for any increased losses or decreased profits. The platform committed to covering the difference, urging traders to close their positions promptly once operations resume to ensure accurate compensation calculations.
KiloEx also addressed its Hybrid Vault stakers, confirming that the stolen funds had been fully reinjected into the vault, leaving staker earnings and principal unaffected. Additionally, the platform promised an extra 10% annual percentage yield (APY) as a bonus for eligible stakers who had funds in the vault before the platform's resumption. This move aims to reassure users of the platform's commitment to maintaining their investments.
Earlier, on April 15, KiloEx offered a 10% bounty to the hacker responsible for the exploit, allowing them to retain $750,000 if they returned 90% of the stolen funds. The platform warned that it would reveal the hacker's identity and pursue legal action if they failed to comply. Following this, security platforms detected transactions suggesting the hacker returned the stolen funds. By April 18, KiloEx announced it would drop all legal actions and reward the hacker with the promised 10% white hat bounty.
The exploit, which occurred on April 14, involved a price oracle vulnerability that allowed the attacker to manipulate prices for illicit gains. Security firm PeckShield identified the vulnerability, noting that the attacker exploited a permissionless function to craft unauthorized requests. This enabled the attacker to open a position at an artificially low price and close it at a higher price, resulting in illegitimate profits. KiloEx's post-mortem confirmed these findings, highlighting the need for enhanced security measures to prevent future incidents.