2 hours ago
1
IoTeX reported containing a hack with losses around $2 million, disputing on-chain analyst estimates placing the theft at $4.3 million.
Summary
- IoTeX confirms $2M exploit and pauses chain for security upgrades.
- Analysts estimate $4.3M after token minting and cross-chain laundering.
- Exchanges and law enforcement work to freeze stolen funds.
The blockchain platform stated it coordinated with exchanges and law enforcement to freeze stolen funds following what it called a “long-planned attack by professional actors targeting multiple chains.”
On-chain analyst Specter posted that IoTeX’s private key may have been compromised, resulting in multiple contract assets being drained including USDC, USDT, IOTX, PAYG, WBTC, and BUSD.
The private key of @iotex_io may have been compromised, resulting in their token safe being drained for a total loss of approximately $4.3M.
The attacker drained multiple contract assets, including: USDC, USDT, IOTX, PAYG, WBTC, BUSD
The stolen assets were swapped for ETH, and… pic.twitter.com/xbNdwq83yD
The attacker swapped stolen assets for ETH and bridged 45 ETH to Bitcoin, while also minting 111 million CIOTEX tokens.
IoTeX said chain operations and deposits will resume in 24-48 hours after security upgrades are finalized.
IoTeX disputes $4.3M loss estimate with $2M confirmation
IoTeX’s initial statement acknowledged “suspicious activity involving an IoTeX token safe” and noted that “potential loss is lower than circulating rumors suggest.”
The team said it coordinated with major exchanges and security partners actively assisting in tracing and freezing the attacker’s assets.
The updated statement confirmed “the exploit impact is around $2M USD (including USDC, USDT, IOTX, and WBTC).”
🚨 Update on the recent security incident:
Our team has contained the situation and the IoTeX chain is being secured. Current data confirms the exploit impact is around $2M USD (including USDC, USDT, IOTX, and WBTC).
Investigations show this was a sophisticated, long-planned…
Specter’s analysis showed the attacker drained multiple contract assets and executed a multi-step laundering process.
Stolen funds were swapped for ETH, with at least 45 ETH bridged to Bitcoin where tracing becomes more difficult. The minting of 111 million CIOTEX tokens shows the attacker gained control over token issuance functions.
Chain secured with 24-48 hour downtime for upgrades
IoTeX suspended chain operations following the discovery. “Our team has contained the situation and the IoTeX chain is being secured,” the platform announced.
Deposits and normal operations will resume within 24-48 hours pending completion of security upgrades.
The team works with law enforcement to investigate and recover funds. IoTeX also committed to transparent updates as the situation develops.
English (US) · 