IoTeX Hit by Private Key Exploit, Attacker Drains Over $2 Million

A private key exploit gave an attacker control of IoTeX’s TokenSafe and MinterPool contracts on February 21. Eventually, the hackers drained an estimated $2 million in crypto assets, sending IOTX down by over 9%.

Why it matters:

• IOTX holders face direct losses as the token fell roughly 9.2% to $0.0049, according to CoinGecko data.
• The attacker used THORChain to bridge stolen ETH to Bitcoin, complicating efforts by exchanges and security partners to freeze the funds.
• IoTeX confirmed the situation is “under control,” and the exploit impact is around $2 million USD. But some on-chain analysts suggest total losses could reach $8 million.

The details:

• The attack unfolded between 7 and 9 AM UTC on February 21, giving the hacker full access to IoTeX’s TokenSafe and MinterPool contracts via a compromised private key.
• On-chain analyst Specter flagged the breach first, reporting $4.3 million drained in USDC, USDT, IoTeX (IOTX), WBTC, PAYG, and BUSD.
• The hackers swapped the Stolen funds to ETH and bridged approximately 45 ETH to Bitcoin via THORChain.
• The hacker also drained 9.3 million CCS tokens worth roughly $4.5 million, pushing total estimated losses toward $8.8 million, as per Specter.
• IoTeX co-founder Raullen Chai stated on X that exchanges are cooperating to freeze related addresses. The IoTeX chain is expected to resume in 24–48 hours.

The post IoTeX Hit by Private Key Exploit, Attacker Drains Over $2 Million appeared first on BeInCrypto.