Decentralized Eternal Exchange Kiloex has recently reported a $7.4 million hack to the Hong Kong police and is preparing a reward plan for affected users.
In a detailed update posted to X, the platform said it is working with police criminal and cybercrime divisions, as well as Slomast, the blockchain security company, to investigate the cases and track the hacker’s identity.
The April 15 violation was attributed to a vulnerability in Oracle Access Control at a price that allowed attackers to manipulate ETH/USD pricing, resulting in millions of people earning in a single transaction. Exploits were first detected by Cyvers alerts that flag suspicious cross-chain activities across base, drums, and BNB chains.
According to Peckshield, the losses spread to bases ($3.3 million), OPBNB ($3.1 million), and BSC ($1 million).
Killox said the vulnerability has been fixed and it emphasized that the open position does not face liquidation. Instead, all positions are closed based on price snapshots taken prior to the attack. Profits and losses from the exploit period are not counted in the final user balance.
The exchange begins communication with hackers and offers four on-chain messages to accept 90% of the stolen funds in exchange for the removal of the tracking. So far, no responses have been received and no funds have been moved. Kiloex also published the hacker wallet address and coordinated it with centralized and distributed platforms to block further access.
You might like it too: 80% of first-time crypto users demand visible security: Research
Provisional Remuneration Plan
To reassure users, Kiloex said it is raising funds for compensation and will gradually restore the Vault functionality after completing the plan.
“We are currently raising funds and working on a compensation plan to help Kiloex users recover liquidity quickly,” the exchange posted. “After the compensation plan is finalized, the safe function will gradually recover. The funds of users in the vault remain safe.”
The team denied rumors of internal involvement, noting that both slowmist and law enforcement have full access to that internal data.
If an investigation is permitted, a full report will be released. Trading is expected to resume soon. The YZI Labs-backed protocol offers users a bounty for rusted clues that can help them investigate.
You might like it too: Bitcoin Conference and the US 250 announce “Code & Country” at Bitcoin 2025 in Las Vegas
Discover more from Earlybirds Invest
Subscribe to get the latest posts sent to your email.
