In the world of cryptocurrencies, hacks are unfortunately not uncommon. But every now and then, an incident takes a surprising turn. That’s exactly what happened with the recent hack of KiloEx, a decentralized exchange (DEX), when the hacker behind a $7.5 million exploit decided to return all the stolen funds, just days after the attack.
The Initial Hack: KiloEx Loses $7.5 Million
The story began on April 15, when KiloEx, a decentralized exchange (DEX) for peer-to-peer (P2P) crypto trading, was hit with a major exploit. According to reports, the hacker drained about $7.5 million worth of cryptocurrency from the platform, forcing the exchange to suspend operations. While hacks of this size have become somewhat routine in the crypto world, what happened next was far from expected.
Instead of keeping the funds, the hacker returned the stolen crypto just four days after the attack. Blockchain security platform PeckShieldAlert reported on social media that the exploiter had transferred back approximately $5.5 million of the stolen assets, and KiloEx subsequently announced that the full amount had been recovered.
KiloEx’s Bold Offer: A White Hat Hacker Bounty
So, why did the hacker give back the funds? The answer lies in KiloEx’s response to the exploit. In an attempt to resolve the situation amicably, the exchange offered the hacker a bounty: a $750,000 reward, around 10% of the stolen funds, if the remaining 90% was returned.
This was not an ordinary plea. KiloEx addressed the hacker as a “white hat”, the term for an ethical hacker who finds vulnerabilities in a system in order to help fix them. Framed that way, the bounty was offered as recognition for exposing the platform’s weakness, conditional on the funds coming back.
This strategy is not unusual in the crypto space. Protocols and platforms regularly offer bounties to hackers who help improve their security by identifying flaws, and post-exploit “return it and keep 10%” offers have become a common negotiating tactic. In this case, KiloEx’s offer worked: the hacker returned the stolen funds and KiloEx paid the promised bounty.
KiloEx’s Response and Legal Decision
Once the funds were returned, KiloEx announced the full recovery of the stolen assets in a post on April 18. The exchange also clarified that it would not pursue legal action against the hacker, as the assets had been fully restored, and there were no remaining victims. According to KiloEx, the legal process to formally close the case was already underway.
The exchange also confirmed it would give 10% of the recovered funds to the hacker, as originally offered. Honoring the offer signals to future attackers that KiloEx negotiates in good faith, while also acknowledging that the incident exposed a real weakness in the platform.
Understanding the Exploit: A Price Oracle Issue
KiloEx has attributed the hack to a “price oracle issue.” A price oracle is the component that feeds external asset prices into a protocol’s smart contracts. In decentralized finance (DeFi), positions are opened, closed, and liquidated at whatever price the oracle reports, so the contracts are only as trustworthy as that feed.
If the feed can be manipulated, or the consuming contract accepts prices without checking who supplied them, how fresh they are, or whether they are plausible, an attacker can trade against a distorted price and withdraw value the protocol never intended to pay out. That is the general shape of an oracle-manipulation exploit, and it appears to be how funds were drained from KiloEx, although the reports do not detail the exact mechanism. Blockchain security firm PeckShield noted that price-oracle manipulation is a well-known class of vulnerability in the DeFi space.
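To make the oracle point concrete, here is an added example (not KiloEx’s code, and not a reconstruction of the actual exploit) that simulates two oracle consumers in Python. The vulnerable one accepts the latest price from any caller with no checks; the hardened one restricts updates to allowlisted reporters, rejects stale or replayed updates, takes the median across a quorum of sources, and trips a circuit breaker instead of settling a position when the aggregate price jumps beyond a deviation bound. All names, thresholds, and price data are constructed for the illustration.

```python
from dataclasses import dataclass
from statistics import median


@dataclass(frozen=True)
class PriceUpdate:
    """One quote from a reporter (stands in for an on-chain oracle update)."""
    source: str      # reporter identity; in Solidity this would be msg.sender
    price: float     # quoted price in USD (constructed values below)
    timestamp: int   # unix seconds when the quote was produced


class NaiveOracle:
    """Vulnerable pattern: store whatever the last caller sent, unchecked."""

    def __init__(self):
        self.price = None

    def update(self, upd):
        self.price = upd.price          # no sender check, no freshness, no bounds

    def get_price(self):
        return self.price


class GuardedOracle:
    """Hardened pattern (assumed design, not any specific protocol's):
    allowlisted reporters, freshness and replay checks, median over a quorum
    of sources, and a per-read deviation cap that refuses to price instead of
    settling against an implausible jump."""

    def __init__(self, reporters, max_age_s, max_deviation, min_sources):
        self.reporters = set(reporters)
        self.max_age_s = max_age_s
        self.max_deviation = max_deviation   # fraction, e.g. 0.10 == 10 %
        self.min_sources = min_sources
        self.latest = {}                     # source -> most recent PriceUpdate
        self.last_price = None               # reference for the deviation check

    def update(self, upd, now):
        if upd.source not in self.reporters:
            raise PermissionError(f"unauthorised reporter {upd.source}")
        if now - upd.timestamp > self.max_age_s:
            raise ValueError("stale update rejected")
        prev = self.latest.get(upd.source)
        if prev is not None and upd.timestamp <= prev.timestamp:
            raise ValueError("replayed or out-of-order update rejected")
        self.latest[upd.source] = upd

    def get_price(self, now):
        fresh = [u.price for u in self.latest.values()
                 if now - u.timestamp <= self.max_age_s]
        if len(fresh) < self.min_sources:
            raise RuntimeError("insufficient fresh sources; refusing to price")
        agg = median(fresh)                  # one bad reporter cannot move the median
        if self.last_price is not None:
            move = abs(agg - self.last_price) / self.last_price
            if move > self.max_deviation:
                raise RuntimeError(f"price moved {move:.0%} in one read; circuit breaker")
        self.last_price = agg
        return agg


def close_position_pnl(size, entry_price, exit_price):
    """USD the protocol pays out when a long of `size` units is closed."""
    return size * (exit_price - entry_price)


def run_scenario():
    """Constructed scenario: three honest reporters quote 2000 USD; an attacker
    pushes 20000 USD and immediately closes a long opened at 2000."""
    now = 1_700_000_000
    honest = ["0xA", "0xB", "0xC"]
    size, entry = 10.0, 2000.0
    out = {}

    naive = NaiveOracle()
    for s in honest:
        naive.update(PriceUpdate(s, 2000.0, now - 5))
    naive.update(PriceUpdate("0xEVIL", 20000.0, now))        # accepted unconditionally
    out["naive_payout"] = close_position_pnl(size, entry, naive.get_price())

    guarded = GuardedOracle(honest, max_age_s=60, max_deviation=0.10, min_sources=2)
    for s in honest:
        guarded.update(PriceUpdate(s, 2000.0, now - 5), now)
    guarded.get_price(now)                                    # reference price = 2000
    try:
        guarded.update(PriceUpdate("0xEVIL", 20000.0, now), now)
    except PermissionError as e:
        out["outsider"] = str(e)
    guarded.update(PriceUpdate("0xC", 20000.0, now), now)    # one compromised reporter
    out["median_price"] = guarded.get_price(now)              # median still 2000
    out["guarded_payout"] = close_position_pnl(size, entry, out["median_price"])
    guarded.update(PriceUpdate("0xB", 20000.0, now + 1), now + 1)  # second one compromised
    try:
        guarded.get_price(now + 1)
        out["circuit_breaker"] = False
    except RuntimeError:
        out["circuit_breaker"] = True                         # halt rather than pay 180k
    return out
```

The design choice worth noting is the last step: once a majority of sources is compromised, no aggregation rule can recover the true price, so the remaining defense is to refuse to settle when the price moves further than the market plausibly could within one update, and let a human or a governance process intervene. A real contract would also emit events for rejected updates so that monitoring (of the kind PeckShield and SlowMist provide) picks up the manipulation attempt rather than only the resulting loss.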
The Bigger Picture: Improving Crypto Security
The KiloEx hack serves as a reminder of the ongoing security challenges faced by the cryptocurrency industry. The underlying blockchain consensus is rarely the point of failure; the smart contracts, price feeds, and off-chain infrastructure built on top of it are, and they can be exploited if they are not properly designed and audited. This is especially true for decentralized exchanges like KiloEx, where there is no central operator able to pause suspicious trades or reverse settlements once a contract has paid out.
In recent months, the need for better security measures in the crypto space has become more apparent. One major example is the $1.4 billion hack of the Bybit exchange in February, which remains the largest hack in crypto history. That attack highlighted the necessity of improving crypto security to prevent similar incidents in the future.
KiloEx’s decision to work with law enforcement and cybersecurity firms, including Seal-911, SlowMist, and Sherlock, shows that they are taking security seriously. These partnerships aim to uncover more details about the hacker’s identity and activity, ensuring that the platform can better defend against future exploits.
Looking Ahead: What’s Next for KiloEx?
With the stolen funds returned and no legal action taken, KiloEx is now focusing on strengthening the platform’s security. The team has described the incident as a wake-up call and an opportunity to reinforce the weak points in its security architecture. Its stated goal is to rebuild trust with its community by delivering safer services, improving transparency, and working more closely with security experts to prevent any future loss of customer funds.
In the coming months, we can expect KiloEx to continue working on enhancing its security measures. The platform has already begun collaborating with other cybersecurity firms, and further audits of its smart contracts may be conducted to ensure that similar vulnerabilities are not present in the future.