- KiloEx fully repays users after a $7.5M exploit, offering full compensation for affected traders and a 10% APY bonus to vault stakers.
- Hacker keeps $750K bounty after returning stolen funds, avoiding legal action following KiloEx’s white-hat deal.
- Exploit stemmed from a price oracle flaw, allowing unauthorized asset inflation.
Decentralized exchange platform KiloEx has announced that it will reward traders and stakers who were affected by the $7.5 million hack that caused a temporary shutdown of the platform earlier this month. In a recent announcement on X, KiloEx stated that traders with open trading positions when the platform suspended operations will receive full rewards, regardless of whether their losses or profits increased or decreased.
The platform added that traders should close any remaining open positions immediately after it reopens operations. It explained that any delay in closing those positions would impact their losses or profits and affect their compensation amount.
KiloEx Rewards Hacker with Bounty and Offers Bonus APY to Vault Stakers
KiloEx also said that stolen funds from its hybrid vault stakers have been added back to the vault completely. Hence, there’s no effect of the hack on staker earnings and principal.
Still, the decentralized exchange stated that it would give an extra 10% annual percentage yield (APY) to eligible stakers. Eligible stakers are those who had funds in the vault before the platform resumed operations.
Nine days ago, KiloEx promised the hacker 10% of the stolen funds if they returned all of the funds. Thus, the hacker would keep $750,000 and return the remainder of the $7.5 million they stole.
The platform warned that it would reveal the hacker’s identity and take legal steps should they fail to comply with its directive. Not long after, on-chain analytics platforms monitoring the movement of the funds revealed that the KiloEx exploiter had refunded the stolen assets.
Three days after the bounty promise, the DEX announced that it would no longer take any legal action against the hacker and sent them the 10% white hat bounty it earlier promised.
KiloEx: Hacker Used “Authorized-Only” Request in $7.5M Breach
Ten days ago, the DEX announced a suspension of operations on its platform after securing the breach that led to the $7.5 million hack. Leading blockchain security firm PeckShield explained that the hack was possible because of a price oracle weakness, which enabled the attacker to inflate the prices of assets and make illegal gains.
In its post-hack analysis, KiloEx confirmed PeckShield’s analysis of the event. It added that the attacker generated a request that was only possible for authorized entities.