Decentralized perpetuals exchange KiloEx has reported a recent $7.4 million hack to the Hong Kong police and is preparing a compensation plan for affected users.
In a detailed update posted on X, the platform said it is working with the police’s Criminal Division and Cybercrime Unit, as well as blockchain security firm SlowMist, to investigate the incident and track the hacker’s identity.
The April 15 breach stemmed from a price oracle access control vulnerability that allowed an attacker to manipulate ETH/USD pricing, netting millions in a single transaction. The exploit was first detected by Cyvers Alerts, which flagged suspicious cross-chain activity across Base, Taiko, and BNB Chain.
According to PeckShield, losses were spread across Base ($3.3 million), opBNB ($3.1 million), and BSC ($1 million).
KiloEx said the vulnerability has been fixed and emphasized that no open positions will face liquidation. Instead, all positions will be closed based on price snapshots taken before the attack. Profits and losses from the exploit period will not count toward final user balances.
The exchange has initiated communication with the hacker, sending four on-chain messages offering to accept 90% of the stolen funds in exchange for dropping pursuit. So far, no response has been received, and the funds remain unmoved. KiloEx also published the hacker’s wallet addresses and coordinated with centralized and decentralized platforms to block further access.
Tentative compensation plan
To reassure users, KiloEx stated that it is raising funds for compensation and will gradually restore the Vault function after finalizing the plan.
“We are currently raising funds and working on a compensation plan to ensure KiloEx users can quickly restore liquidity,” the exchange posted. “The Vault function will gradually be restored after the compensation plan is finalized. Users’ funds in the Vault remain secure.”
The team denied rumors of internal involvement, noting that both SlowMist and law enforcement have full access to its internal data.
A full report will be released once the investigation allows. Trading is expected to resume soon. The protocol, backed by YZi Labs, is offering bounties for user-submitted clues that aid in the investigation.
