Hacker breaches IoTeX crypto bridge, siphoning nearly $9 million (2026/02/22 14:58:19)


The crypto project IoTeX has experienced a hacking incident. The attacker gained access to the TokenSafe and MinterPool due to the compromise of a private key, as reported by experts from PeckShield.

Initially, the hacker withdrew approximately $4.3 million in crypto assets from the storage, including , , IOTX, PAYG, WBTC, and BUSD. The funds were extracted directly rather than through a vulnerability in the smart contract, clarified an on-chain analyst known as Specter. 

The total damage could reach $8.8 million, although representatives from IoTeX dispute these figures.

The hacker quickly covered their tracks. They exchanged the withdrawn assets for Ethereum via decentralized exchanges, including Uniswap, and subsequently transferred around 45 to the Bitcoin network through a cross-chain bridge. To facilitate the movement of funds between networks, the attacker utilized THORChain. 

Following this, the unknown individual exploited the compromised contracts to issue approximately 111 million CIOTX tokens (valued at $4 million), which IoTeX uses to provide liquidity in the DePIN protocol. As a result of CIOTX, an additional 9.3 million CCS tokens worth around $4.5 million were also withdrawn. 

The IoTeX platform has confirmed the incident. Co-founder and CEO Raullen Chai stated that centralized exchanges are collaborating with the project to track and freeze the funds. Currently, the IoTeX blockchain is temporarily disabled. The platform’s initial damage assessment is around $2 million. Chai claims that the CCS tokens and some others are outdated and hold no value, while CIOTX has been frozen, and the team is working to prevent the hacker from moving the assets. 

Immediately following reports of the breach, on Saturday, February 21, the IOTX token was trading at approximately $0.0049, reflecting a 9% decline. By Sunday, the price of IOTX fell further by 5.3%, reaching $0.0047.   

Specter identified a connection between the hacker’s wallet and an attack on the neobank Infini in February 2025, which resulted in a loss of $49 million. The Infini team accused a former developer named Chen Shanxuan of utilizing access keys and stealing assets.  

Recently, the decentralized crypto lending protocol Moonwell was also hacked, resulting in a withdrawal of $1.78 million due to an error made by artificial intelligence.