IoTeX Hit by Private Key Exploit, Attacker Drains Over $2 Million
IoTeX, a Layer-1 blockchain that connects real-world devices to crypto applications, suffered a security breach after attackers compromised a private key linked to its token safe and bridge infrastructure.
Early reports from blockchain security researchers estimated losses of more than $8 million. However, IoTeX later said confirmed losses are around $2 million, much lower than initial estimates.
#PeckShieldAlert The IoTeX[.]io Bridge @iotex_io has been hacked for over $8M worth of crypto due to a compromised private key.
The hacker has swapped the stolen funds to $ETH and has started bridging them to #BTC via #Thorchain. pic.twitter.com/uNWHzahk4F
The team said it has contained the incident and is working with exchanges and law enforcement to trace and freeze stolen funds. The attack happened after a private key was compromised.
In this case, the attacker used the key to move funds from IoTeX’s token safe. Security researchers said the attacker quickly swapped stolen tokens into ETH and then moved them toward BTC using cross-chain services.
This method helps attackers hide their tracks. Once funds move across multiple blockchains, recovery becomes harder.
We are aware of recent reports regarding suspicious activity involving an IoTeX token safe. Our team is fully engaged, working around the clock to assess and contain the situation.
Initial estimates indicate the potential loss is significantly lower than circulating rumors…
However, investigators have not yet confirmed how the private key was stolen. It remains unclear whether the key was exposed through human error, software vulnerability, or another method.
Meanwhile, the market reacted quickly. The IOTX token fell about 9%. The chart shows a sharp drop after news of the hack spread, followed by unstable trading.
IOTX Token Crashes After Reported Hack. Source: CoinGecko
IoTeX Says Chain Is Secure and Losses Are Limited
IoTeX said it has secured the chain and contained the threat. The team confirmed that stolen assets include USDC, USDT, IOTX, and WBTC.
Importantly, IoTeX said the core blockchain itself was not hacked. Instead, the attacker targeted a token safe or bridge component connected to the network.