KiloEx Recovers 100% of $7.5 Million Stolen in DeFi Exploit

Generated by AI Agent, Coin World
Friday, Apr 18, 2025, 11:23 am ET

KiloEx, a decentralized exchange platform, has successfully recovered $7.5 million that was stolen in a recent exploit. The incident was first identified by Cyvers, a blockchain security firm, on April 14. The breach was traced to a vulnerability in KiloEx’s price oracle, which allowed the attacker to manipulate prices across multiple chains, including BNB, Base, and Taiko. The wallet used in the exploit was reportedly funded via Tornado Cash, a crypto-mixing service often associated with laundering illicit funds.

The attacker managed to steal approximately $3.3 million from the Base network, $3.1 million from opBNB, and $1 million from the Binance Smart Chain, totaling around $7.5 million in digital assets. In response to the breach, KiloEx suspended operations to contain the damage and prevent further exploitation. The exchange confirmed that the exploit was isolated and no longer posed an active threat. However, the financial and reputational damage had already been done.

To mitigate the situation, KiloEx issued a public appeal to the hacker, offering a 10% white hat bounty as an incentive to return the stolen funds. This move is increasingly common in the decentralized finance (DeFi) space, where such offers have sometimes resulted in the return of stolen assets and even collaborations with the original hackers in future security audits. The exchange published the wallet addresses linked to the attacker, stating that these addresses were under active surveillance by the exchange, law enforcement, and cybersecurity partners. KiloEx emphasized that they were prepared to freeze the funds should any movement be detected and would continue to track them across networks.

The message to the hacker was clear: return the funds or face legal consequences. If the attacker refused the white hat deal, KiloEx pledged to escalate the matter to law enforcement authorities, expose the hacker’s identity, and pursue the matter through legal channels with the help of its cybersecurity network. The hacker was instructed to make contact either via KiloEx’s official email or through an on-chain message, ensuring the anonymity of the attacker was preserved—at least temporarily—should they opt to negotiate. The attacker responded to the offer and returned all the stolen funds four days after the attack, demonstrating a willingness to cooperate and potentially avoid legal repercussions.

With the funds fully recovered, KiloEx stated that it would keep its promise and award 10% of the recovered amount as a bounty to the white hat involved, recognizing their contribution to improving the platform’s security. The company also stated that it would not pursue legal action, instead praising the incident’s resolution as a step toward fostering stronger ties with the ethical hacking community. KiloEx added that it prioritizes long-term collaboration with the ethical security community and views this resolution as a cornerstone for mutual trust.

This incident highlights the growing trend of DeFi breaches and the need for robust security measures in the decentralized finance ecosystem. KiloEx’s proactive approach in offering a white hat bounty and swiftly addressing the breach may help the exchange regain some of the community’s trust. However, the incident serves as a reminder of the vulnerabilities present in DeFi platforms and the importance of continuous security audits and improvements. The attacker’s action marks a rare occurrence in an industry that has lost around $2 billion to hacks and exploits this year. SlowMist founder Yu Xian recognized the rarity of this outcome, while pointing out that choosing to act as a white-hat hacker and claim a bounty might truly be the best solution in this industry. However, this process isn’t easy: too many points require negotiation, and if not handled well, it can spiral out of control.
