KiloEx Warns Hacker After $7M Exploit, Offers 10% Bounty or Legal Action

Today, KiloEx, a decentralized exchange specializing in perpetual futures trading, publicly addressed the hacker responsible for a $7.5 million exploit.

In a post shared on X, the KiloEx team delivered a stern ultimatum to the attacker to return 90% of the stolen assets and walk away with a 10% white hat bounty or face relentless legal pursuit backed by law enforcement, cybersecurity firms and exchanges.

To Hacker:

Our investigation, supported by law enforcement, cybersecurity agencies, and multiple exchanges & bridge protocols, has uncovered critical information about your activities.

We are actively monitoring your addresses (0x551f3110f12c763d1611d5a63b5f015d1c1a954c,…

— KiloEx (@KiloEx_perp) April 15, 2025

KiloEx disclosed that the identities and blockchain addresses linked to the attacker had already been identified and were under constant surveillance.

Among the exposed wallets are 0x551f3110f12c763d1611d5a63b5f015d1c1a954c, 0x00fac92881556a90fdb19eae9f23640b95b4bcbd, and 0xd43b395efad4877e94e06b980f4ed05367484bf3.

The team warned that these wallets could be frozen at any moment with the help of its partner networks.

To incentivize the attacker to cooperate, KiloEx offered a bounty of 10% of the stolen funds, amounting to $750,000, if 90% is returned within 72 hours to wallets specified across opBNB, BNB Chain, Base, Ethereum, and Manta networks.

Should the hacker comply, the DEX pledged to acknowledge the resolution publicly and close the case without further consequences.

“The choice is yours. Act now to avoid irreversible consequences,” the statement concluded, giving the hacker the option to contact the team via on-chain messaging or email.

Otherwise, the matter would escalate into a full-scale criminal investigation.

A Calculated Oracle Exploit Hits KiloEx for $7.5M

The exploit occurred on April 14 and stemmed from a price Oracle manipulation vulnerability.

💻 Decentralized exchange KiloEX @KiloEx_perp suspends operations after hackers exploit oracle flaw, stealing $7.5m.#KiloEX #DeFiHackhttps://t.co/SXV3O2HWY6

— Cryptonews.com (@cryptonews) April 15, 2025

Blockchain security firms, including PeckShield and Cyvers, confirmed that the attacker used Tornado Cash to fund their wallet and then leveraged the exploit across multiple networks, Base, BNB Chain, and Taiko.

The attacker took advantage of a flaw in KiloEx’s Oracle system that allowed for the manipulation of external price feeds.

The attacker opened leveraged positions at dramatically skewed valuations by tampering with the asset price data reported to the protocol.

The attacker stole over $3.1 million in one reported transaction in a single move, causing a gross distortion of value that enabled the attacker to drain funds from KiloEx’s vault.

PeckShield estimated the damage to be roughly $3.3 million from Base, $3.1 million in opBNB, and $1 million in BSC tokens.

The @KiloEx_perp protocol was hacked today with a loss of ~7.5m ($3.3m in base, $3.1m in opBNB, $1m in BSC).

The protocol is now paused! Our initial analysis on one exploit tx indicates a price oracle issue. And the hacker exploits it to create a new position with initial given…

— PeckShield Inc. (@peckshield) April 14, 2025

Once the exploit was discovered, KiloEx quickly suspended all trading activity and notified partner protocols to blacklist the identified addresses.

According to the team, this exploit has been contained, and a bounty program was promised shortly after.

KiloEx is working with multiple security partners to trace the flow of stolen funds and recover them where possible. A full incident report is expected to be released in the coming days.

KiloEx Joins Long List of Oracle Attack Victims

This isn’t the first time a decentralized finance (DeFi) platform has fallen victim to an oracle-based attack.

Blockchain oracles, which deliver real-world data to smart contracts, have historically been attractive vectors for exploiters due to their vulnerability.

The UwU Lend attack in June 2024 set a notable precedent, with $19.4 million drained in under six minutes through similar price manipulation tactics.

🚨ALERT🚨Hey @UwU_Lend, you are being attacked!

So far address got around $14M

More update will follow!

Please contact us to learn how to secure your digital assets!#CyversAlert pic.twitter.com/IND77hbTbH

— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) June 10, 2024

That exploit, too, involved wallets funded through Tornado Cash, which leveraged manipulated price feeds to extract massive sums before being detected.

The protocol’s founder, Michael Patryn, also known as 0xSifu, later offered the attacker a 20% bounty in exchange for returning the majority of the stolen funds.

KiloEx’s case looks similar, and as the deadline for the hacker ticks down, the team watches closely.

If the hacker accepts the deal, it could add to a growing trend of exploiters choosing amnesty over anonymity. But if they don’t, KiloEx seems ready to make an example of them, with all legal and forensic tools at its disposal.