In a surprising turn of events, the hacker behind the $7.5 million exploit of decentralized exchange KiloEx has returned the entire sum just four days after the initial attack.

On April 14, KiloEx suspended its perpetual futures trading platform following a severe security breach that resulted in attackers draining $7.5 million worth of cryptocurrency assets across the Base, opBNB, and BNB Chain networks.

The exploit was traced to a flaw in KiloEx’s price oracle system, which allowed the attacker to manipulate the ETH/USD price feed.

This enabled the attacker to open positions at absurdly low prices and close them at vastly inflated values, profiting millions in single transactions.

Approximately $3.3 million was drained from Base, $3.1 million from opBNB, and $1 million from BNB Chain (BSC).
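The following is an added example, not KiloEx's code and not a description of its fix: it shows how a deviation check against the median of independent quotes, one common guard against this class of oracle manipulation, would refuse the kind of low-entry and inflated-exit prices described above. All prices, the 2% threshold, and the function names are constructed for illustration.

```python
from statistics import median

MAX_DEVIATION = 0.02  # assumed policy: reject updates more than 2% from reference


class PriceRejected(Exception):
    pass


def reference_price(sources):
    """Median of independent quotes; one bad source cannot move it far."""
    return median(sources)


def accept_update(submitted, sources, max_dev=MAX_DEVIATION):
    """Return the submitted price if it is within max_dev of the reference."""
    ref = reference_price(sources)
    if submitted <= 0 or abs(submitted - ref) / ref > max_dev:
        raise PriceRejected(f"{submitted} deviates from reference {ref}")
    return submitted


def long_pnl(size_usd, entry, exit_):
    """Profit of a long position with notional size_usd opened at entry."""
    return size_usd * (exit_ - entry) / entry


def replay(updates, sources, size_usd, guarded):
    """Open a long at the first accepted price and close at the last one."""
    accepted = []
    for price in updates:
        try:
            accepted.append(accept_update(price, sources) if guarded else price)
        except PriceRejected:
            continue  # feed keeps its previous value; a real system would alert
    if len(accepted) < 2:
        return 0.0  # no open/close pair was priced
    return long_pnl(size_usd, accepted[0], accepted[-1])


# Constructed sample data (not values from the incident).
SOURCES = [1598.0, 1600.0, 1603.0]  # independent ETH/USD quotes
UPDATES = [100.0, 10_000.0]         # manipulated low entry, inflated exit
HONEST = [1599.0, 1601.0]           # ordinary updates near the reference

if __name__ == "__main__":
    print(replay(UPDATES, SOURCES, 10_000, guarded=False))  # 990000.0
    print(replay(UPDATES, SOURCES, 10_000, guarded=True))   # 0.0
```

With the guard off, a $10,000 position priced by the two manipulated updates shows a $990,000 profit; with it on, both updates are rejected and no position is priced, while honest updates still pass.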

The breach prompted an immediate shutdown of the platform and an urgent call to arms.

KiloEx mobilized a broad coalition of cybersecurity experts and blockchain partners, including SlowMist, BlockSec, SEAL 911, Manta Network, BNB Chain, and many others.

They began forensic investigations to trace the stolen funds and identify the attacker.

In the days following the attack, PeckShield identified associated wallet addresses, and on-chain activity showed that portions of the funds, approximately $5.5 million, were being returned, suggesting that negotiations were underway.

#PeckShieldAlert #KiloEx exploiter-labeled addresses have returned ~$5.5M worth of cryptos to #KiloEx pic.twitter.com/snvitWs7ia

— PeckShieldAlert (@PeckShieldAlert) April 18, 2025

The Ultimatum That Changed the Course

KiloEx’s swift response and aggressive public strategy likely played a crucial role in the resolution.

Just hours after confirming the exploit, the platform issued a stern ultimatum to the attacker via X (formerly Twitter), presenting a choice: return 90% of the funds within 72 hours and receive a 10% white-hat bounty, or face relentless legal and forensic pursuit.

The DEX revealed that it had already identified blockchain addresses linked to the attacker and placed them under constant surveillance.

These could be frozen at any moment, KiloEx warned, as they were actively working with exchanges and security partners.

The hacker was offered safe passage if they complied, and KiloEx pledged not to pursue further legal action.

Should they fail to respond, the matter would escalate into a full-blown criminal case, backed by law enforcement, cybersecurity firms, and international exchange networks.

Apparently, the attacker decided the risk wasn’t worth the reward.

By April 18, the full $7.5 million had been returned. KiloEx issued a statement expressing relief and gratitude, confirming that the matter was resolved.

Dear Community,

We are pleased to announce that we have successfully recovered all stolen funds related to the recent security incident. This outcome underscores our commitment to protecting user assets and fostering a secure ecosystem.

1. Case Resolution Progress
– The legal…

— KiloEx (@KiloEx_perp) April 18, 2025

They also upheld their offer and awarded the attacker a 10% white-hat bounty of $750,000, thereby turning an exploiter into a contributor in a gesture of ethical closure.

Recurring Oracle Exploits and White Hat Resolutions

The KiloEx saga is the latest in a growing pattern of DeFi platforms falling victim to oracle-based price manipulation exploits.

These attacks target the very system that delivers real-world data to smart contracts, and manipulating that data can have devastating consequences.

In a resolution similar to the KiloEx incident, on October 25 last year a hacker returned $6.1 million to a U.S. government wallet after initially stealing over $20 million in various cryptocurrencies.

$6.1M in stolen crypto is back in a US government wallet. What’s the significance of this recovery? @OnchainLens dives into the details. #CryptoHack #BlockchainSecurity https://t.co/p8JOmwUq4p

— Cryptonews.com (@cryptonews) October 25, 2024

That breach, although different in scale and nature, similarly concluded with the attacker voluntarily returning assets, likely under external pressure.

In the case of KiloEx, the collaborative response from blockchain partners, law enforcement, and cybersecurity professionals helped ensure a swift outcome.

The platform publicly acknowledged a long list of contributors, including SlowMist, SEAL 911, Binance, Sherlock, and dozens of others.

With user funds fully restored, KiloEx now turns its attention to rebuilding community trust.

The platform has pledged transparency and will share updates on the legal withdrawal process as it winds down the incident.

Legal proceedings are being finalized with the support of judicial authorities and third-party experts.

The post KiloEx Hacker Returns Entire $7.5M Four Days After Exploit appeared first on Cryptonews.
