A non-public key exploit gave an attacker management of IoTeX’s TokenSafe and MinterPool contracts on February 21. Ultimately, the hackers drained an estimated $2 million in crypto belongings, sending IOTX down by over 9%.
Why it issues:
- IOTX holders face direct losses because the token fell roughly 9.2% to $0.0049, in response to CoinGecko knowledge.
- The attacker used THORChain to bridge stolen ETH to Bitcoin, complicating efforts by exchanges and safety companions to freeze the funds.
- IoTeX confirmed the scenario is “under control,” and the exploit affect is round $2 million USD. However some on-chain analysts recommend whole losses might attain $8 million.
The main points:
- The assault unfolded between 7 and 9 AM UTC on February 21, giving the hacker full entry to IoTeX’s TokenSafe and MinterPool contracts by way of a compromised non-public key.
- On-chain analyst Specter flagged the breach first, reporting $4.3 million drained in USDC, USDT, IoTeX (IOTX), WBTC, PAYG, and BUSD.
- The hackers swapped the Stolen funds to ETH and bridged roughly 45 ETH to Bitcoin by way of THORChain.
- The hacker additionally drained 9.3 million CCS tokens value roughly $4.5 million, pushing whole estimated losses towards $8.8 million, as per Specter.
- IoTeX co-founder Raullen Chai said on X that exchanges are cooperating to freeze associated addresses. The IoTeX chain is anticipated to renew in 24–48 hours.
