According to an April 18 statement:
“We are pleased to announce that we have successful recovery of all stolen funds related to the recent security incident.”
The exploit was first flagged by Cyvers, a blockchain security outfit, on April 14.
According to the firm’s findings, the breach was traced to a vulnerability in KiloEx’s price oracle. The flaw enabled the attacker to manipulate prices across multiple chains, including BNB, Base, and Taiko.
The wallet responsible for the exploit had reportedly been funded via Tornado Cash, a popular crypto-mixing service often linked to laundering illicit funds.
KiloEx attacker gets 10% bounty
The DEX platform had previously promised the attacker a 10% reward if they chose to return the stolen funds.
With the funds fully recovered, KiloEx stated that it would keep its promise and “award 10% of the recovered amount as a bounty to the white hat involved, recognizing their contribution to improving our platform’s security.”
Meanwhile, KiloEx also stated that it would not pursue legal action. Instead, the company praised the incident’s resolution as a step toward fostering stronger ties with the ethical hacking community.
It added:
“We prioritize long-term collaboration with the ethical security community and view this resolution as a cornerstone for mutual trust…No further legal action will be pursued—this matter is considered resolved in good faith.”
The attacker’s action marks a rare occurrence in an industry that has lost around $2 billion to hacks and exploits this year.
Slowmist founder Yu Xian recognized the rareness of this action, while pointing out that:
“Choosing to act as a white-hat hacker and claim a bounty might truly be the best solution in this industry. Of course, this process isn’t easy, with too many points requiring negotiation, and if not handled well, it can spiral out of control.”