DeFi Platform KiloEx to Compensate Users Impacted by $7.5M Hack

KiloEx, a decentralized exchange (DEX), has announced that it will compensate users who were impacted by a $7.5 million exploit that temporarily shut down the platform earlier in April. The platform's promise of full refunds to traders and bonus rewards for stakers comes after a price oracle attack that exposed its vulnerability.

The hack, which occurred on April 14, allowed an attacker to exploit a price oracle vulnerability, inflating prices to take more profit than they were entitled to. According to KiloEx, the attacker crafted a request that only authorized entities should have been able to make: because the function involved was permissionless, the attacker could use it to open a position at an "artificially low price." The attacker then closed the position at a higher price, securing illegitimate profits.
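The missing authorization check described above can be shown with a small model. This is an added example, not KiloEx's code: the `ToyPerpExchange` class, the keeper allowlist, the caller names and all figures are constructed for illustration. It runs the same sequence against a price setter with no caller check and against one that enforces an allowlist.

```python
from dataclasses import dataclass, field


class Unauthorized(Exception):
    """Raised when a caller outside the allowlist tries to set the price."""


@dataclass
class ToyPerpExchange:
    """Constructed single-market model; not the real contract layout."""
    price: float
    keepers: frozenset = frozenset()   # hypothetical allowlist of price updaters
    enforce_auth: bool = False         # False models the permissionless setter
    positions: dict = field(default_factory=dict)

    def set_price(self, caller: str, new_price: float) -> None:
        # The hardened form rejects any caller that is not an approved keeper.
        if self.enforce_auth and caller not in self.keepers:
            raise Unauthorized(f"{caller} may not update the price")
        self.price = new_price

    def open_long(self, trader: str, margin: float, leverage: int) -> None:
        # Store notional size and the entry price read from the oracle.
        self.positions[trader] = (margin * leverage, self.price)

    def close(self, trader: str) -> float:
        size, entry = self.positions.pop(trader)
        return size * (self.price - entry) / entry   # PnL of a long position


def unauthorized_update_pnl(exchange: ToyPerpExchange,
                            caller: str = "untrusted-caller") -> float:
    """Regression check: payout an unapproved caller obtains by moving the
    price around its own position. A correct deployment returns 0.0."""
    market = exchange.price
    try:
        exchange.set_price(caller, market / 10)   # artificially low entry
        exchange.open_long(caller, margin=100.0, leverage=10)
        exchange.set_price(caller, market)        # back to the market price
        return exchange.close(caller)
    except Unauthorized:
        return 0.0


flawed = ToyPerpExchange(price=2000.0)
hardened = ToyPerpExchange(price=2000.0, keepers=frozenset({"keeper-1"}),
                           enforce_auth=True)
print(unauthorized_update_pnl(flawed), unauthorized_update_pnl(hardened))
```

With the check enforced, the first price update fails, no position is opened, and the stored price never leaves its market value.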

KiloEx took swift action to contain the exploit and suspend its platform. However, the damage had already been done, resulting in $7.5 million in losses for traders and stakers. In an effort to mitigate the impact of this incident, KiloEx announced that it would compensate traders who had positions open during the time the platform was suspended.

Traders who had positions open while the platform was down will receive full compensation if their losses increased or profits decreased, according to KiloEx. The platform stated that it would pay the difference and urged traders to close their positions immediately once the platform resumes operations, as delaying could affect their profit and loss, which may in turn affect the compensation amount.

For Hybrid Vault stakers, KiloEx said that the stolen funds were fully reinjected into the vault. As a result, staker earnings and principal remain unaffected. However, the platform will still provide an additional 10% annual percentage yield (APY) as a bonus for eligible stakers. The bonus APY will be awarded to users who had funds in the vault prior to the platform's resumption.

KiloEx initially offered a 10% bounty to the hacker who stole the funds from the platform, with the condition that they would return 90% of the stolen amount. Shortly after, security platforms flagged transactions indicating that the KiloEx hacker returned the stolen funds. In response, KiloEx withdrew all legal action against the hacker and rewarded them with a 10% white hat bounty.

The $7.5 million hack serves as a stark reminder of the importance of security in DeFi applications. As the cryptocurrency market continues to grow, platforms like KiloEx must prioritize robust security measures to protect users' funds and maintain trust in the ecosystem.