DeFi platform KiloEx to compensate users impacted by $7.5M hack

Cointelegraph

Decentralized exchange (DEX) KiloEx announced that it will compensate traders and stakers affected by a $7.5 million exploit that temporarily shut down the platform earlier in April.

In an April 24 announcement, KiloEx said traders who had positions open while the platform was suspended would get full compensation if their losses increased or profits decreased. The platform said it would pay the difference.

KiloEx urged traders to close their positions immediately once the platform resumes operations, as delaying could affect their profit and losses, which may then impact the compensation amount.

“Please close your position as soon as possible after the platform resumes. Compensation will be calculated based on the platform’s resume time,” KiloEx stated.

Source: KiloEx

## Stakers’ principal and earnings remain unaffected

For the platform’s Hybrid Vault stakers, KiloEx said that the stolen funds were fully reinjected into the vault. As a result, staker earnings and principal will remain unaffected. However, KiloEx said it will still provide an additional 10% annual percentage yield (APY) as a bonus for eligible stakers.

The bonus APY will be awarded to users who had funds in the vault prior to the platform’s resumption.

On April 15, KiloEx offered a 10% bounty to the hacker who stole the funds from the platform. The DEX said that the hacker could keep $750,000 as a white hat bounty if they decided to return 90% of the stolen funds. The platform threatened to expose the hacker’s identity and take legal action if they did not comply.

Shortly after, security platforms flagged transactions indicating that the KiloEx hacker returned the stolen funds. On April 18, the DEX said it would withdraw all legal action against the hacker and reward them with a 10% white hat bounty.


## KiloEx hacker exploited a price oracle vulnerability

On April 14, KiloEx suspended its platform after containing the exploit that led to $7.5 million in losses. Security firm PeckShield said the attacker likely exploited a price oracle vulnerability that allowed them to inflate prices and gain more profit than they should have.

In a post-mortem published by KiloEx, the platform confirmed that the attacker exploited a permissionless function. The DEX said the attacker crafted a request that only authorized entities should have been able to make.

Using this, the attacker opened a position at an “artificially low price.” This was followed by closing the position at a higher price, providing illegitimate profits to the attacker.
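
The following toy model is an added illustration, not KiloEx's code or anything from its post-mortem. It shows why a price-setting function without a caller check lets a position's profit be drawn from the vault, and how a keeper-only check and a log review of accepted updates address it. Every class, function and account name, and every price and size, is a constructed assumption.

```python
# Toy model (hypothetical names and numbers), not KiloEx's contracts.
class Unauthorized(Exception):
    pass

class Oracle:
    def __init__(self, price, keepers, enforce_auth):
        self.price = price
        self.keepers = set(keepers)        # callers allowed to post prices
        self.enforce_auth = enforce_auth   # False models the permissionless function
        self.log = []                      # (caller, price) for every accepted update

    def set_price(self, caller, price):
        if self.enforce_auth and caller not in self.keepers:
            raise Unauthorized(caller)
        self.price = price
        self.log.append((caller, price))

class Exchange:
    def __init__(self, oracle, vault):
        self.oracle, self.vault, self.positions = oracle, vault, {}

    def open_long(self, trader, size):
        self.positions[trader] = (size, self.oracle.price)

    def close(self, trader):
        size, entry = self.positions.pop(trader)
        pnl = size * (self.oracle.price - entry)
        self.vault -= pnl                  # trader profit is paid out of the vault
        return pnl

def unauthorized_updates(oracle):
    """Detection: accepted price updates whose caller is not a keeper."""
    return [(c, p) for c, p in oracle.log if c not in oracle.keepers]

def run_scenario(enforce_auth):
    oracle = Oracle(100.0, {"keeper"}, enforce_auth)
    dex = Exchange(oracle, vault=1_000_000.0)
    try:
        oracle.set_price("outsider", 1.0)      # artificially low entry price
        dex.open_long("outsider", size=1_000)
        oracle.set_price("outsider", 100.0)    # higher exit price
        pnl = dex.close("outsider")
    except Unauthorized:
        pnl = 0.0                              # rejected before any position opens
    return pnl, dex.vault, unauthorized_updates(oracle)

if __name__ == "__main__":
    print("permissionless:", run_scenario(False))
    print("keeper-only:   ", run_scenario(True))
```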

