Published On: Sun, 22 Feb 2026 03:28:45 GMT

IoTeX Hit by $2M–$4M Exploit After Private Key Compromise

IoTeX suffered a security exploit yesterday, after a private key tied to its token safe infrastructure was compromised.

Sahil Thakur Hacks & Scams News

Feb 22, 2026

Author: Sahil Thakur

Low Attention

Overheated

HypeMeter

22nd February 2026 – IoTeX suffered a security exploit yesterday, after a private key tied to its token safe infrastructure was compromised. The affected setup managed project tokens, bridge operations, TokenSafe, and MinterPool contracts.

On-chain analysts first flagged suspicious activity around 4:20 AM EST. IoTeX acknowledged the issue shortly after and began containment procedures.

The team described the breach as a sophisticated, long-planned attack. The exact compromise vector remains under investigation. So far, there is no confirmation of a public key leak. Instead, IoTeX believes professional actors may have developed the exploit over months.

High Signal Summary For A Quick Glance

📌 Key Takeaways 👥 Who Is Impacted 📊 Implications

IoTeX suffered a $2 million bridge hack on February 21, 2026, after attackers compromised a private key controlling token management infrastructure
Hackers drained $4.3 million in assets including USDC, USDT, IOTX, WBTC, and BUSD, then swapped them for ETH and bridged to Bitcoin via THORChain
IoTeX responded within hours, pausing the blockchain, freezing contracts, and coordinating with exchanges and law enforcement to trace stolen funds

$IOTX

IoTeX

+12.4%

Social Growth Rate

MoM

4.8%

Engagement Ratio

Active

82%

Organic Activity

Low bot signals

Uncertain

The Talk

Real voices. Real reactions.

KOLs

Media

Community

IoTeX had a private key compromise, with reports of an $8.8M loss. 🚨 IoTeX confirmed the breach, says losses may be lower, and is working to trace and freeze the funds. https://t.co/TyYzM13cQb

02:15 PM·Feb 21, 2026

Another Crypto Hack: IoTeX Just Got Hacked for $8.8 Million - Funds Already Moving to Bitcoin What Happened: The Attacker Drained Multiple Tokens From The IoTeX Token Safe Including USDC, USDT, IOTX, WBTC, BUSD And PAYG. All Stolen Funds Were Swapped To ETH And The Hacker Has https://t.co/GkRn1nNU1k

11:36 AM·Feb 21, 2026

Feb 22, 2026

IoTeX Hit by $2M–$4M Exploit After Private Key Compromise

Feb 10, 2026

ZachXBT Criticizes Phantom For Address Poisoning

Jan 27, 2026

Trove Markets Alleged Mastermind Doxxed in $11.5M ICO Scam

Jan 26, 2026

ZachXBT Links $40M Theft to CMDSS Contractor’s Son

Fetching related reads

Steady attention without excessive speculation.

IoTeX bridge users and token holders saw temporary service disruption and a 9-10% IOTX token price decline following the breach
Users of IoTeX’s main chain were unaffected as the team confirmed main chain funds remained secure throughout the incident
Cryptocurrency exchanges working with IoTeX to freeze and trace stolen funds as they move through centralized platforms

🟢 Short term: IoTeX contained the breach quickly, blockchain expected to resume within 24-48 hours with security upgrades implemented

🟡 Long term: Incident highlights persistent vulnerabilities in cross-chain bridge infrastructure and the need for enhanced private key security protocols

🔴 Key risk: Bridge protocols remain high-value targets for sophisticated attackers due to large asset holdings and complex multi-chain security requirements

What the Attacker Did

After gaining control of the token safe, the attacker moved quickly.

First, they drained an estimated $4.3 million in assets from the vault. Tokens involved included USDC, USDT, IOTX, PAYG, WBTC, and BUSD.

Next, the attacker swapped the tokens into ETH on decentralized exchanges such as Uniswap.

Then, they bridged approximately 45 ETH to Bitcoin via THORChain. This step likely aimed to obscure the trail and complicate recovery efforts.

In addition, the attacker minted roughly 111 million unauthorized CIOTX tokens and drained 9.3 million CCS tokens. However, IoTeX later clarified that many of these assets were deprecated, frozen, or had limited real-world value.

While early analyst estimates suggested total exposure of $8–8.8 million, IoTeX’s official confirmed loss stands closer to $2 million. That figure reflects primarily liquid assets such as USDC, USDT, IOTX, and WBTC.

Immediate Response From IoTeX

IoTeX responded quickly and publicly.

Within hours, the team confirmed suspicious activity and assured users that losses were lower than circulating rumors. They coordinated immediately with centralized exchanges and security partners to trace and freeze stolen funds.

Co-founder Raullen Chai emphasized that all funds on the main IoTeX chain remained safe. The compromise affected only the token safe and bridge infrastructure.

To contain the situation, the team:

Temporarily secured and paused the IoTeX blockchain
Froze and upgraded affected contracts, including CIOTX
Coordinated with exchanges and law enforcement
Engaged security firms such as PeckShield for forensic analysis

By the evening of February 21, IoTeX confirmed the breach was contained. The team stated that full chain operations and exchange deposits would resume within 24 to 48 hours following final upgrades.

Tweet not available.

As of February 22, 2026:

The incident remains contained
No new suspicious activity has been reported
Chain operations are expected to resume within the announced window
Recovery efforts continue
The root cause investigation remains ongoing

Meanwhile, the IOTX token fell roughly 9–10% following the announcement, reflecting short-term market reaction rather than systemic protocol failure.

Why This Matters

Importantly, no user funds on the main IoTeX chain were directly at risk. However, the incident highlights a recurring vulnerability in crypto infrastructure: private key compromise in bridge and multi-sig setups.

Throughout 2025, private key attacks accounted for a significant share of crypto losses. IoTeX’s exploit follows a familiar pattern:

Drain assets
Swap to ETH
Bridge cross-chain
Convert to Bitcoin

The speed of execution suggests experienced operators.

The Bigger Picture

IoTeX’s response has been relatively transparent and proactive. Still, the event reinforces an ongoing industry challenge.

Bridges and token safes remain high-value targets. Even mature projects face operational key management risks.

Now, the focus shifts to three questions:

How was the private key compromised?
Can meaningful funds be recovered?
What structural upgrades will prevent recurrence?

IoTeX says further updates will follow as the forensic investigation concludes.

Frequently Asked Questions

How much did IoTeX actually lose in the security breach?

Initially, analysts estimated losses between $8 million and $8.8 million. However, IoTeX later clarified that figure included deprecated tokens with little or no real value. In reality, the team confirmed losses of roughly $2 million in liquid assets such as USDC, USDT, IOTX, and WBTC.

Were user funds on the IoTeX main chain affected by the hack?

No, user funds on the main IoTeX chain remained safe. Instead, the attacker targeted the token safe and bridge infrastructure. Throughout the incident, the core chain itself continued to protect user balances.

How did the attackers compromise IoTeX’s security?

The attackers gained control of a private key connected to IoTeX’s token safe setup. That key managed bridge operations and token holdings. While the team has not confirmed the exact method yet, investigators are examining possibilities such as human error, insider access, or a supply-chain compromise.

When will IoTeX blockchain operations return to normal?

After detecting the breach, the team paused the chain to apply security upgrades. As of February 22, IoTeX expects operations to resume within 24 to 48 hours. During that same window, exchanges plan to reopen deposits and withdrawals.

What happened to the stolen cryptocurrency?

First, the hackers swapped the stolen tokens into ETH on decentralized exchanges like Uniswap. Then, they bridged roughly 45 ETH into Bitcoin through THORChain to obscure the trail. Meanwhile, IoTeX, exchanges, and law enforcement continue tracing and attempting to freeze those funds.

How sophisticated was this attack compared to other crypto hacks?

IoTeX described the breach as highly sophisticated and potentially planned over six to eighteen months. Moreover, analysts observed patterns similar to previous cross-chain exploits, including a major 2025 hack. As a result, investigators believe experienced professional actors likely executed the attack.

Trusted

Our Crypto Talk is committed to unbiased, transparent, and true reporting to the best of our knowledge. This news article aims to provide accurate information in a timely manner. However, we advise the readers to verify facts independently and consult a professional before making any decisions based on the content since our sources could be wrong too. Check our Terms and conditions for more info.

Share with your community!

Or Even Better - Join the OCT Community!

Share with your community!

Or Even Better - Join the OCT Community!

$IOTX

6.80%

IoTeX

$0.00

6.80%

+12.4%

Social Growth Rate

MoM

4.8%

Engagement Ratio

Active

82%

Organic Activity

Low bot signals

Uncertain

Join Our Telegram Community

NEWS

OPINION/RESEARCH

FEATURES

ABOUT US

IoTeX Hit by $2M–$4M Exploit After Private Key Compromise

The Talk

Related reads

Fetching related reads

What the Attacker Did

Immediate Response From IoTeX

Current Status

Why This Matters

The Bigger Picture

Frequently Asked Questions

Trusted

In this article

Related reads

Related reads

Related reads

Related reads

Related reads