KiloEX exploiter returned $6.9M after white hat bounty offer
币圈狂人
KiloEX received the funds back from the hacker who took between $7M and $7.4M in a multi-chain exploit linked to flawed oracle prices.

The KiloEX hacker has returned stolen funds in two transactions, after the DEX team offered a 10% bounty. The hack, which exploited an oracle vulnerability, ended as a white hat event. 

KiloEX is receiving funds back from the hacker’s addresses, just days after the initial exploit. The hacker apparently responded to the offer of a 10% cut. 

In the past day, the wallets linked to the attacker sent out $1.4M and another $5.5M a few hours later. The attacker responded to the offer from April 15, when KiloEX offered to close its investigation if it received 90% of the lost funds. 

KiloEX warned the hacker that unless the funds were returned, the exchange would resort to a full investigation, including law enforcement and Web3 security partners.

To Hacker:

Our investigation, supported by law enforcement, cybersecurity agencies, and multiple exchanges & bridge protocols, has uncovered critical information about your activities.

We are actively monitoring your addresses (0x551f3110f12c763d1611d5a63b5f015d1c1a954c,…

— KiloEx (@KiloEx_perp) April 15, 2025

After the on-chain transfers, KiloEX noted that the case could be closed and started legal proceedings to stop further investigation into the hacker. The exchange has recovered all funds, and no users were harmed. The project now considers the attacker a white hat hacker eligible for the promised bounty.

After the hack, the DEX stopped all trading activities, so it will now have to relaunch its functions for 55 trading pairs. The DEX native token, KILO, recovered toward $0.42 after the first news of returned funds. The token still trades near a three-month low, as it was pressured by selling since its launch on March 28. 

KiloEX still traded near a three-month low, but recovered after the news of the returned tokens.

Previously, the perpetual DEX handed over the case to the Hong Kong police in search of the hacker’s true identity. SlowMist has also been among the main investigators of the case, aiming to detail all transfers. 

KiloEX announced that the oracle vulnerability is now repaired, and a similar exploit is impossible. The DEX also said it would resume operations for its vault function once funds are recovered. Before the hacker returned the stolen tokens, KiloEX organized fundraising to quickly regain liquidity.

KiloEX suffered a multi-chain hack

Unlike previous hacks, which mostly used the Ethereum ecosystem, the KiloEX exploit was a multi-chain attack. The biggest obstacle for the hacker was that the bulk of the funds were in USDC on the BNB Smart Chain. The DEX was hacked for a total of $7.4M on Base, BNB Chain, opBNB, and Taiko.

The KiloEX team warned that all wallets were watched, and some of the tokens were immediately freezable. Cooperation with exchanges and protocols meant that not all funds could be swapped or laundered, especially Circle’s stablecoin.

The latest hack was relatively small-scale, but it showcased the cooperation between exchanges and protocols. The main support came from counterparties like Binance and Manta Network, as well as Mexc, Gate, and Bybit, as destinations for laundering crypto funds.

The DEX got attacked just weeks after its token launch, leading to additional loss of value. The exchange handled its attack with transparency, hoping to retain its good reputation. KiloEX accelerated on growing demand for perpetual futures trading with high leverage. While risky, those tools remain key for achieving gains based on increased asset volatility. 
