Disclaimer: Information found on CryptoreNews is those of writers quoted. It does not represent the opinions of CryptoreNews on whether to sell, buy or hold any investments. You are advised to conduct your own research before making any investment decisions. Use provided information at your own risk.
CryptoreNews covers fintech, blockchain and Bitcoin bringing you the latest crypto news and analyses on the future of money.
The crypto project IoTeX has experienced a hacking incident. The attacker gained access to the TokenSafe and MinterPool smart contracts due to the compromise of a private key, as reported by experts from PeckShield.
Initially, the hacker withdrew approximately $4.3 million in crypto assets from the storage, including USDC, USDT, IOTX, PAYG, WBTC, and BUSD. The funds were extracted directly rather than through a vulnerability in the smart contract, clarified an on-chain analyst known as Specter.
The total damage could reach $8.8 million, although representatives from IoTeX dispute these figures.
The hacker quickly covered their tracks. They exchanged the withdrawn assets for Ethereum via decentralized exchanges, including Uniswap, and subsequently transferred around 45 ETH to the Bitcoin network through a cross-chain bridge. To facilitate the movement of funds between networks, the attacker utilized THORChain.
Related Posts
Following this, the unknown individual exploited the compromised contracts to issue approximately 111 million CIOTX tokens (valued at $4 million), which IoTeX uses to provide liquidity in the DePIN protocol. As a result of CIOTX, an additional 9.3 million CCS tokens worth around $4.5 million were also withdrawn.
The IoTeX platform has confirmed the incident. Co-founder and CEO Raullen Chai stated that centralized exchanges are collaborating with the project to track and freeze the funds. Currently, the IoTeX blockchain is temporarily disabled. The platform’s initial damage assessment is around $2 million. Chai claims that the CCS tokens and some others are outdated and hold no value, while CIOTX has been frozen, and the team is working to prevent the hacker from moving the assets.
Immediately following reports of the breach, on Saturday, February 21, the IOTX token was trading at approximately $0.0049, reflecting a 9% decline. By Sunday, the price of IOTX fell further by 5.3%, reaching $0.0047.
Specter identified a connection between the hacker’s wallet and an attack on the neobank Infini in February 2025, which resulted in a loss of $49 million. The Infini team accused a former developer named Chen Shanxuan of utilizing access keys and stealing assets.
Recently, the decentralized crypto lending protocol Moonwell was also hacked, resulting in a withdrawal of $1.78 million due to an error made by artificial intelligence.
