KiloEx Freezes Platform After $7.5M Exploit, Warns Hacker with Bounty or Legal Threat

Decentralized exchange KiloEX was forced to shut down its platform on Tuesday after falling victim to a $7.5 million exploit, marking yet another high-profile DeFi security breach. The team confirmed the incident on April 14 via X, stating that the attack had been “swiftly contained” and that all operations had been paused while investigations got underway.

The team posted, “the exploit has been contained, the team has immediately suspended platform usage and is working with security partners to trace the flow of funds.”

🚨 Security Incident Announcement: KiloEx Vault Exploit

Dear KiloEx Community,
We regret to inform you that the KiloEx Vault has been exploited. The attacker’s wallet address is:
0x00fac92881556a90fdb19eae9f23640b95b4bcbd
We urge all partner protocols and platforms to…

— KiloEx (@KiloEx_perp) April 14, 2025

Price Oracle Flaw Led to Massive Profits for Hacker

The attack spread across three blockchain networks Base, opBNB, and BNB Smart Chain with funds siphoned in almost equal parts. According to blockchain security firm PeckShield, the attackers managed to drain roughly $3.3 million from Base, $3.1 million from opBNB, and $1 million from BSC.

PeckShield’s investigation revealed that the exploit stemmed from a serious vulnerability in KiloEX’s price oracle system, which allowed the attacker to manipulate the ETH/USD price feed. This let them open trades under fake market conditions.

The @KiloEx_perp protocol was hacked today with a loss of ~7.5m ($3.3m in base, $3.1m in opBNB, $1m in BSC).

The protocol is now paused! Our initial analysis on one exploit tx indicates a price oracle issue. And the hacker exploits it to create a new position with initial given…

— PeckShield Inc. (@peckshield) April 14, 2025

Peckshield made an instance; the hacker opened a long position on ETH when it was falsely priced at just $100, and later closed the trade at a manipulated price of $10,000 walking away with $3.12 million in a single transaction.

Chaofan Shou, co-founder of blockchain analytics firm Fuzzland, also said the loss is likely due to price oracle access control issues.

Anyone can change the Kilo's price oracle. lol pic.twitter.com/X1UNImHbji

— Chaofan Shou (svm/acc) (@shoucccc) April 14, 2025

In response to the breach, KiloEX has formed a multi-party recovery team, bringing in security experts from BNB Chain, Manta Network, Seal-911, SlowMist, and Sherlock. Together, they’re working to track the stolen funds and recover what they can.

🚨 Update on the KiloEx Vault Exploit 🚨

We are actively collaborating with BNB Chain, Manta Network, and leading blockchain security partners—including Seal-911, SlowMist, and Sherlock—to investigate the recent KiloEx Vault exploit and trace the stolen assets.

Our joint…

— KiloEx (@KiloEx_perp) April 14, 2025

KiloEx Offers Hacker 10% Bounty to Return Stolen Funds

Decentralized exchange KiloEx has offered a 10% white hat bounty—worth $750,000—to the hacker who exploited $7.5 million from its platform.

To Hacker:

Our investigation, supported by law enforcement, cybersecurity agencies, and multiple exchanges & bridge protocols, has uncovered critical information about your activities.

We are actively monitoring your addresses (0x551f3110f12c763d1611d5a63b5f015d1c1a954c,…

— KiloEx (@KiloEx_perp) April 15, 2025

In a statement, KiloEx said it’s working with law enforcement, cybersecurity firms, and exchanges to track the hacker, sharing wallet addresses linked to the theft. While prepared to freeze the stolen funds, the DEX offered to treat the incident as a white hat exploit if 90% of the assets are returned.

“If you cooperate, we’ll close the case and publicly acknowledge the resolution,” KiloEx said, urging the hacker to contact them via email or onchain message.

Failure to comply will result in legal action and full exposure, the platform warned: “The choice is yours. Act now to avoid irreversible consequences.”

Still, the damage is already being felt. KiloEX’s native token, KILO, has crashed more than 31%, now trading at around $0.0353, according to CoinGecko. It’s a steep drop from its recent all-time high of $0.1648 on March 27—down over 78% in just a few weeks.

Notably, March 2025 saw 20 crypto hacks totaling $33.46M in losses, contributing to a staggering $1.63B stolen in Q1, marking a 131% YoY surge and highlighting vulnerabilities in DeFi protocols and blockchain security.