KiloEx Pursues Legal Action After DeFi Exploit, Hacker Returns $1.4M

By Aditya Menon • April 19, 2025

KiloEx, India’s first decentralized exchange (DEX), was recently hacked for a whopping $5 million. They quickly reported it to Hong Kong police and lodged a formal case after losing about $7 million. The exchange has been working with the Criminal Division of the Hong Kong police. These specialists are collaborating with the Cybercrime Division to further investigate the issue. Cyvers Alerts was the first to raise the alarm on the exploit. It was a price-oracle vulnerability that allowed the attacker to manipulate ETH/USD price values.

Cyvers Alerts pegged the incident as related to a whitelisted connected wallet. This wallet was funded via Tornado Cash, a crypto mixer often used by criminals. By artificially inflating prices, the attacker was able to withdraw funds from the platform. KiloEx has engaged Chinese cybersecurity firm SlowMist, who is currently assisting in investigation and recovery of the stolen funds.

In this instance, KiloEx took steps to recover the stolen funds. They have given a 72-hour deadline to the hacker, providing a 10% whitehat bounty on the stolen value for that hacker’s return of any remaining funds.

“We are actively monitoring your addresses… and are prepared to freeze the stolen funds promptly,” - KiloEx

Even with the ultimatum, the hacker failed to respond at all within the 24 hours provided. In a surprising twist, the hacker recently started returning $1.4 million in USDT back to KiloEx. It’s still unclear what the conditions of this partial return are.

At the heart of the exploit was a price oracle vulnerability. The attacker was able to use this vulnerability in order to pump up ETH/USD values. This manipulation resulted in pseudo-inflation, which permitted them to extract money from the KiloEx platform.

KiloEx’s decision to bring in law enforcement shows how seriously they are taking this incident, and that’s appropriate. As part of these efforts, KiloEx is working with the Criminal Division and Cybercrime Division. This partnership will tap the full resources available to the Hong Kong police department to help find and apprehend the criminal.

Aditya Menon

Senior Cryptocurrency Analyst & Features Writer

Aditya Menon is a Bangalore-based blockchain writer known for his energetic, people-focused commentary. He makes complex crypto, security, and staking topics engaging and accessible through a blend of strategic thinking, lively storytelling, and pragmatic insight.