IoTeX hit by private key exploit draining up to $8.8 million from bridge contracts

Crypto-AI project IoTeX's cross-chain bridge infrastructure was exploited Saturday after a private key compromise gave an attacker unauthorized control over the project's TokenSafe and MinterPool smart contracts, according to PeckShield and onchain analyst Specter. Independent estimates put total losses as high as $8.8 million, though IoTeX has pushed back on those figures.Specter was among the first to flag the incident, posting on X at 4:20 a.m. EST that IoTeX's private key appeared to have been compromised, with a token safe drained of approximately $4.3 million across multiple assets. The tokens taken included USDC, USDT, IOTX, PAYG, WBTC and BUSD, all withdrawn directly from the vault rather than through a smart contract vulnerability.The attacker moved quickly to obfuscate the stolen funds, swapping the drained assets into ether via decentralized exchanges including Uniswap and then bridging roughly 45 ETH to the Bitcoin network. PeckShield confirmed the exploit and noted the attacker used THORChain to move funds cross-chain, a laundering pattern seen in previous incidents including a 2023 wallet hack tracked by blockchain sleuth ZachXBT.According to Specter, the attacker also leveraged the compromised contracts to mint approximately 111 million CIOTX tokens, worth an estimated $4 million. CIOTX is IoTeX's cross-chain token standard designed to facilitate multichain liquidity for the DePIN protocol. Specter later updated his estimate to include an additional 9.3 million CCS tokens drained, valued at roughly $4.5 million.IoTeX acknowledged the incident in a post on X roughly three hours after Specter's initial report, saying its team was "fully engaged, working around the clock to assess and contain the situation." Co-founder and CEO Raullen Chai echoed the message, writing that centralized exchanges were cooperating to trace and freeze funds and that the situation was "under control."IoTeX's blockchain is currently down, last processing blocks at about 10 a.m. EST. "The IoTeX chain will be back in an estimated 24–48 hours, along with exchange deposits, after the hackers' addresses are frozen," Chai wrote. "All funds are safe on the IoTeX chain!""Initial estimates suggest the potential loss is significantly lower than circulating rumors," Chai wrote. "We will continue working closely with our security partners to investigate, recover funds where possible, and provide further updates transparently." Chai did not specify IoTeX's internal estimate of the losses; IoTeX and Chai did not immediately respond to a request for comment from The Block.IOTX was trading near $0.0049 Saturday morning, down about 9% over 24 hours with daily trading volume surging more than 500%, according to The Block's IoTeX Price page. In a follow-up post, Specter flagged what they described as a funding trail connecting the IoTeX attacker's wallet to the $49 million hack of stablecoin neobank Infini in February 2025, one of the largest exploits of last year. The Infini team accused a former contract developer, known onchain as shaneson.eth (@k63jpx), of retaining administrative privileges and draining the platform's vault.The incident adds to a rough stretch for cross-chain bridge security. The Block previously reported on the Flow blockchain exploit in December, where a similar private key compromise allowed an attacker to mint tokens and drain roughly $3.9 million before the network attempted a controversial rollback. Private key compromises accounted for 88% of stolen funds in Q1 2025, and the attack vector has continued to be a persistent threat into 2026. Crypto theft topped $3.4 billion in 2025, according to Chainalysis.IoTeX, founded in 2017, brands itself as a blockchain platform for real-world AI and decentralized physical infrastructure networks, or DePINs. The project has partnerships with Google, Samsung and ARM and in late 2024 integrated with Polygon's AggLayer.Disclaimer: The Block is an independent media outlet that delivers news, research, and data. As of November 2023, Foresight Ventures is a majority investor of The Block. Foresight Ventures invests in other companies in the crypto space. Crypto exchange Bitget is an anchor LP for Foresight Ventures. The Block continues to operate independently to deliver objective, impactful, and timely information about the crypto industry. Here are our current financial disclosures.© 2026 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.