The hacker behind KiloEx’s recent $7.4 million exploit has returned $1.4 million worth of USDT

The update was shared by blockchain security firm PeckShield in an Apr. 18 post on X, confirming that funds linked to the attack were sent back to

KiloEx, a decentralized perpetuals trading platform backed by YZi Labs, has reportedly recovered a portion of the funds stolen in a recent exploit.

According to a new report by blockchain security firm PeckShield, the hacker behind the attack returned 1.4 million USDT to KiloEx's address. The development comes days after the exploit was detected and a bounty was offered for the safe return of the stolen funds.

PeckShield first flagged the exploit on April 15, linking it to a wallet funded via Tornado Cash. The incident unfolded as a cross-chain attack targeting Base, opBNB, and BNB Chain (BNB). According to an initial analysis by Cyvers Alerts, a price oracle vulnerability on KiloEx was the main cause.

As the attacker was able to manipulate the ETH/USD values, they were able to use inflated prices on Base and opBNB to drain funds from the platform. The exploitation led to a loss of 3.3 million on Base, 3.1 million on opBNB, and 1 million on BSC, according to PeckShield's breakdown.

Following the incident, KiloEx issued a 72-hour ultimatum to the hacker and offered a whitehat bounty of 10% of the stolen money in exchange for returning the remaining amount. "We are actively monitoring your addresses... and are prepared to freeze the stolen funds promptly," the team warned.

After the hacker failed to respond and the deadline passed on April 17, KiloEx filed a formal case with Hong Kong police and partnered with cybersecurity firm SlowMist to support the investigation. The company added that it had already shared critical data with law enforcement and will release a full incident report.

"We have reported the incident to the Hong Kong police, and a formal case has been filed. KiloEx is working with both the Criminal Division and the Cybercrime Unit of the Hong Kong police to expedite the investigation and bring the perpetrators to justice," the statement concluded.

The new report from PeckShield comes as KiloEx continues to work on restoring its trading operations and finalize a user compensation plan. The platform also stated that open positions will be settled based on pre-attack prices, with no risk of forced liquidation.