IoTeX disclosed a private key compromise that led to the draining of assets from TokenSafe and MinterPool, with an initial loss estimate of approximately $4.3M. The private key of @iotex_io may have been compromised, resulting in their token safe being drained for a total loss of approximately $4.3M. On-chain researchers reported withdrawals across multiple contracts, including USDC, USDT, IOTX, PAYG, WBTC, and BUSD, with the attacker converting the funds to ETH and then bridging 45 ETH to the Bitcoin network.
Investigations also flagged the minting of 110 million CIOTX tokens, suggesting potential control of minting rights. IoTeX halted chain operations immediately, initiated security upgrades, and said it has the situation under control, planning to resume operations and deposits/withdrawals within 24–48 hours after upgrades. The company is tracing fund flows to enable additional freezes and is cooperating with law enforcement to seek recovery. On-chain analysts like Specter described the breach as a targeted, multi-chain attack by a professional group, underscoring the ongoing risk to cross-chain assets and the importance of transparency as investigations continue.
Leave a Reply