KiloEx to reimburse users hit by $7.5 million exploit 

KiloEx – a decentralized exchange (DEX) – has announced plans to reimburse users affected by a $7.5 million exploit that briefly halted its operations in mid-April. 

In an April 24 update, the platform said any trader with open positions during the suspension will be made whole for losses and reduced profits, with payouts calculated based on account status at the moment trading resumes. Users are urged to close positions promptly after restart to ensure accurate compensation. 

For participants in its Hybrid Vault, KiloEx confirmed that both staked principal and accrued earnings have been fully restored, and it will additionally award a 10 % APY bonus to those who had funds locked in before the service came back online. 

Earlier, on April 15, KiloEx offered a “white-hat” bounty equivalent to 10 % of the stolen assets (up to $750,000) in exchange for returning at least 90 % of the funds, warning that failure to comply would lead to identity exposure and legal action. By April 18, it reported the hacker had returned the bulk of the assets, at which point all legal threats were withdrawn and the bounty was paid.

The incident was traced to a vulnerability in KiloEx’s price oracle: an unrestricted function allowed the attacker to open positions at artificially low prices and close them at inflated levels, generating illicit gains before the exploit was detected and the platform suspended trading on April 14.