KiloEx DEX exploiter returns $1.4M out of the $7M stolen funds

The hacker behind KiloEx’s recent $7.4 million exploit has returned $1.4 million worth of USDT following days of silence.

The update was shared by blockchain security firm PeckShield in an Apr. 18 post on X, confirming that funds linked to the attack were sent back to KiloEx’s address. KiloEx, a decentralized perpetuals trading platform backed by YZi Labs, was hacked on Apr. 15 in a cross-chain attack that targeted Base, opBNB, and BNB Chain (BNB).

The exploit was first flagged by Cyvers Alerts, which linked the incident to a wallet funded via Tornado Cash. A price oracle vulnerability was the main cause, enabling the attacker to manipulate ETH/USD values and use inflated prices to drain funds. The losses were distributed among Base ($3.3M), opBNB ($3.1M), and BSC ($1M), per PeckShield’s breakdown.

KiloEx DEX gave the attacker a 72-hour ultimatum and offered a whitehat bounty of 10% of the stolen money in exchange for returning the remaining amount. “We are actively monitoring your addresses… and are prepared to freeze the stolen funds promptly,” the team warned.

When the hacker failed to respond, KiloEx filed a formal case with Hong Kong police on Apr. 17 and partnered with cybersecurity firm SlowMist to support the investigation. The company said it had already shared critical data with law enforcement and will release a full incident report once the probe progresses.

While the returned amount falls short of the 90% target, the transaction suggests some progress. KiloEx has not yet confirmed receipt of the funds or whether further negotiations are ongoing.

The platform is currently working to restore trading operations and finalize a user compensation plan. It also assured users that open positions will be settled based on pre-attack prices, with no risk of forced liquidation.