A private key exploit gave an attacker control of IoTeX’s TokenSafe and MinterPool contracts on February 21. Eventually, the hackers drained an estimated $2 million in crypto assets, sending IOTX down by over 9%.
Why it matters:
- IOTX holders face direct losses as the token fell roughly 9.2% to $0.0049, according to CoinGecko data.
- The attacker used THORChain to bridge stolen ETH to Bitcoin, complicating efforts by exchanges and security partners to freeze the funds.
- IoTeX confirmed the situation is “under control,” and the exploit impact is around $2 million USD. But some on-chain analysts suggest total losses could reach $8 million.
The details:
- The attack unfolded between 7 and 9 AM UTC on February 21, giving the hacker full access to IoTeX’s TokenSafe and MinterPool contracts via a compromised private key.
- On-chain analyst Specter flagged the breach first, reporting $4.3 million drained in USDC, USDT, IoTeX (IOTX), WBTC, PAYG, and BUSD.
- The hackers swapped the Stolen funds to ETH and bridged approximately 45 ETH to Bitcoin via THORChain.
- The hacker also drained 9.3 million CCS tokens worth roughly $4.5 million, pushing total estimated losses toward $8.8 million, as per Specter.
- IoTeX co-founder Raullen Chai stated on X that exchanges are cooperating to freeze related addresses. The IoTeX chain is expected to resume in 24–48 hours.
The post IoTeX Hit by Private Key Exploit, Attacker Drains Over $2 Million appeared first on BeInCrypto.
Source: https://beincrypto.com/iotex-hacker-drain-over-8-million/