In a significant development for the decentralized exchange (DEX) community, KiloEx has announced a comprehensive compensation plan for users affected by a $7.5 million exploit that temporarily disabled the platform earlier this month. The hack, which exploited vulnerabilities within KiloEx’s system, raises important questions about security measures in the DeFi space and the responsibilities of exchanges to their users.
KiloEx detailed its resolution plan in an announcement on April 24, stating that traders with open positions during the outage will receive full compensation for any incurred losses or decreased profits. “Traders must close their positions immediately after the platform resumes operations, as delays could potentially impact compensation amounts,” warned KiloEx.
For stakers involved with KiloEx’s Hybrid Vault, the situation was less dire. The platform clarified that all stolen funds have been fully reinjected into the vault, ensuring that stakers’ principal and earnings remain unaffected. Additionally, as a token of goodwill, eligible stakers will receive a bonus of 10% annual percentage yield (APY) for having funds in the vault prior to the platform’s restart.
In an interesting turn of events, KiloEx previously offered a 10% bounty to the hacker, allowing them to retain $750,000 if they returned 90% of the stolen funds. This strategy seems to have worked, as reports indicate that the hacker returned a large portion of the funds, leading KiloEx to withdraw legal action against them.
Another critical aspect of this incident is the technical vulnerability that allowed the exploitation to occur. KiloEx has confirmed through an internal post-mortem that the attacker exploited a price oracle vulnerability, utilizing a function that was meant for authorized entities only. This loophole allowed the hacker to artificially inflate prices, generating illegitimate profits.
As the DeFi landscape continues to evolve, incidents like the KiloEx hack underscore the necessity for robust security protocols and the importance of rapid response measures. The platform’s proactive approach to compensating affected users and enhancing security measures should serve as a model for others in the industry.
In conclusion, while the KiloEx hack was a significant setback, the platform’s commitment to transparency and user compensation reflects a strong dedication to maintaining trust within the DeFi community. As traders and investors navigate this complex landscape, continued vigilance regarding security risks will be essential.
