A hacker who drained $7.5 million from decentralized exchange KiloEx has returned the full amount just four days after the platform was exploited.
The exchange, which suspended operations following the April 15 attack, confirmed on April 18 that all stolen funds had been recovered. The reversal followed KiloEx’s offer of a $750,000 bounty—10% of the stolen amount—if the attacker returned at least 90% of the assets.
Blockchain security firm PeckShield first flagged the movement, noting in a post on X that roughly $5.5 million had been transferred back to KiloEx-linked addresses. Shortly after, KiloEx announced it recovered the full amount.
The exchange said it would not pursue legal action against the attacker, describing the resolution as part of a formal agreement. “With all affected funds fully restored, we are fulfilling our pledge to resolve this matter fairly and transparently,” the platform wrote.
The incident was first flagged by Cyvers and involved an attacker manipulating KiloEx’s price oracle function to feed the platform false market data. By exploiting a flaw in oracle access controls, the attacker was able to execute leveraged trades at artificially skewed prices — generating outsized profits that allowed them to drain millions from the protocol.
One transaction alone netted over $3 million, data shows.
According to KiloEx, the attacker funded their wallet using Tornado Cash, a privacy-focused Ethereum mixer, making it harder to trace the source of funds. The team confirmed the vulnerability had been “contained” and that all platform operations were frozen to prevent further losses.
KiloEx said it worked with cybersecurity firms Seal-911, SlowMist, and Sherlock, as well as law enforcement, to investigate the breach and identify those involved.
The company added that it will pay out the agreed bounty and consider the hacker’s actions as white hat—a term typically reserved for ethical hackers who help identify and resolve vulnerabilities.
The incident comes amid a broader push for stronger security across decentralized finance. Just two months earlier, Bybit suffered what is considered the largest crypto hack to date, losing over $1.4 billion in user funds.
Oracle manipulation attacks have plagued DeFi for years. One of the most infamous cases occurred in 2022 when Avraham Eisenberg drained $110 million from Mango Markets by inflating collateral values. Though he described the act as a “highly profitable trading strategy,” Eisenberg was convicted of fraud in 2024.