IoTeX Private Key Exploit Drains Over $2 Million

A private key exploit on February 21 gave an attacker control of IoTeX’s TokenSafe and MinterPool contracts. The breach ultimately saw an estimated $2 million in crypto assets drained, and IOTX fell about 9.2% to $0.0049 on CoinGecko. The attack unfolded between 7 and 9 AM UTC, with the hacker swapping stolen funds into ETH and using THORChain to bridge roughly 45 ETH to Bitcoin.

That bridging move complicated efforts by exchanges and security partners to freeze the funds. On-chain analyst Specter first flagged the breach and put initial drained amounts at $4.3 million in USDC, USDT, IOTX, WBTC, PAYG and BUSD. Specter also reported 9.3 million CCS tokens — roughly $4.5 million — were taken, pushing total estimated losses toward $8.8 million.

IoTeX said the situation is "under control" and estimated the exploit’s impact at around $2 million USD.

iotex, private key, exploit, iotx, tokensafe, minterpool, thorchain, eth, bitcoin, usdc