
tl;dr
Decentralized exchange KiloEx has fully recovered $7.5 million stolen in a recent exploit caused by a vulnerability in its price oracle, which allowed an attacker to manipulate prices across multiple chains. The attacker, funded via Tornado Cash, returned the funds after KiloEx promised a 10% bounty...
KiloEx, a decentralized exchange, has successfully recovered $7.5 million stolen during a recent exploit caused by a vulnerability in its price oracle. This flaw allowed the attacker to manipulate prices across multiple blockchain networks including BNB, Base, and Taiko.
The attacker, who had been funded through Tornado Cash (a service often associated with anonymizing crypto transactions), returned the stolen funds after KiloEx promised a 10% bounty for their return. Staying true to its word, KiloEx awarded the attacker 10% of the recovered amount as a bounty, recognizing their role in improving platform security.
Choosing a collaborative approach, KiloEx opted not to pursue legal action and instead fostered a positive relationship with the ethical hacking community. They emphasized the importance of long-term cooperation and mutual trust in strengthening security.
This incident stands out in an industry that has suffered approximately $2 billion in losses from hacks and exploits in the current year. Experts like SlowMist's founder Yu Xian highlighted the rarity and potential benefits of such white-hat behavior, though they noted the complexity and negotiation challenges involved in these resolutions.
KiloEx’s public handling of this security breach offers an insightful case study into innovative recovery strategies in the crypto space, balancing security, ethics, and community engagement.