Hacked KiloEx Exchange Offers $700,000 to Hacker
KiloEx, a decentralized perpetual futures exchange, has offered the hacker who breached it $700,000 to return part of the stolen funds. The exchange was hacked on the evening of April 14. The hacker manipulated token prices, which allowed him to withdraw $7 million worth of cryptocurrency from the platform, RBC Crypto reports.
Cyvers was the first to report the hack. According to Cyvers, the attacker was able to withdraw cryptocurrencies from several blockchains: Base, BNB Chain, and Taiko. The KiloEx team later confirmed the hack, suspended the platform, and stated that “the vulnerability has been localized” and an investigation has been launched.
The hacker exploited a vulnerability in the management of a price oracle. Oracles collect price data from various networks and feed it to decentralized applications like KiloEx to determine asset prices during trading.
In this case, the attacker exploited a loophole in KiloEx's pricing system and tricked the platform into accepting false quotes. He then made several leveraged trades, according to The Block. The data showed that the profit from one such transaction on KiloEx during the incident was more than $3 million.
On April 15, the KiloEx team approached the hacker with an offer to return 90% of the stolen funds. The platform offered to leave the remaining 10% (about $700,000) to the hacker as a “bounty”.
“We will tweet this decision acknowledging your cooperation and closing the case without further action. If you agree, please contact us,” the exchange team wrote.
If the attacker ignores KiloEx's offer, the exchange has promised to investigate the incident together with law enforcement and go to court:
“If you do not comply with the demands: We will forward the investigation materials to law enforcement and cybersecurity partners. Your identity and actions will be disclosed to the relevant authorities. We will relentlessly pursue legal action. The choice is yours. Act now to avoid irreversible consequences,” KiloEx threatened.
The scheme, called an “oracle attack,” has been used before. In 2022, Avraham Eisenberg stole about $110 million from Mango Markets using what he called a “high-yield trading strategy” that altered futures market prices. He was later arrested in Puerto Rico and extradited to the United States, where he was convicted of fraud in 2024.
Source: cryptocurrency.tech