Source: Cointelegraph
Original: “DeFi platform KiloEx to compensate $7.5 million hack-affected users”

Decentralized exchange (DEX) KiloEx announced that it will compensate traders and stakers affected by a $7.5 million hack during the temporary closure of the platform in early April.

On April 24, KiloEx released a statement saying that traders holding open positions during the platform's suspension will receive full compensation if their losses increased or profits decreased. The platform stated it would cover these differences.

KiloEx urged traders to close their positions immediately after the platform resumes operations, as delays may affect their profit and loss situation, thereby impacting the final compensation amount.

"Please close your positions as soon as possible after the platform resumes. The compensation amount will be calculated based on the time of the platform's recovery," KiloEx stated.

For the platform's Hybrid Vault stakers, KiloEx indicated that all stolen funds have been returned to the vault. Therefore, the stakers' earnings and principal will not be affected. Additionally, KiloEx will offer an extra 10% annual percentage yield (APY) as a reward for eligible stakers.

This additional annual yield will be granted to users who had funds in the vault before the platform resumed operations.

On April 15, KiloEx offered a 10% bounty to the hacker who stole funds from the platform. The decentralized exchange stated that if the hacker decided to return 90% of the stolen funds, they could keep $750,000 as a white hat hacker bounty. The platform warned that if the hacker did not comply, it would expose their identity and take legal action.

Shortly thereafter, transactions discovered by a security platform showed that the KiloEx hacker had returned the stolen funds. On April 18, the decentralized exchange announced it would withdraw all legal actions against the hacker and pay them a 10% white hat hacker bounty.

On April 14, after controlling the attack that led to the $7.5 million loss, KiloEx suspended platform operations. Security firm PeckShield stated that the attacker may have exploited a price oracle vulnerability, allowing them to inflate prices for excessive profits.

In a post-incident analysis released by KiloEx, the platform confirmed that the attacker exploited a function without permission. The decentralized exchange stated that the attacker forged a request that should only have been executable by authorized entities.

The attacker used this vulnerability to open positions at "artificially low prices." They then closed their positions at high prices, thereby obtaining illegal profits.

Related: After accepting the bounty agreement, ZKsync successfully recovered $5 million in stolen tokens.

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。