News 
Coin Information 
About us 
Customer Service 
IoTeX, a blockchain platform focused on Internet-of-Things (IoT) devices, has announced a 10% white-hat bounty following a major security breach involving its cross-chain bridge, ioTube. The exploit, which occurred on Feb. 21, 2026, stemmed from a compromised private key tied to a validator owner on the Ethereum side of the bridge, resulting in an estimated $4.3 million loss.
In an official post on X, IoTeX confirmed it would award approximately $440,000 to the hacker if the remaining stolen funds are voluntarily returned within 48 hours. Co-founder and CEO Raullen Chai described the post as the “source of truth,” adding that the team has sent an on-chain message promising not to pursue legal action or disclose identifying information if the funds are restored. IoTeX stated that all transactions across Ethereum, IoTeX, and Bitcoin have been fully traced, and suspicious exchange deposits have been flagged and frozen.
According to blockchain security firm PeckShield, the attacker converted the stolen assets into ether (ETH) and bridged them to bitcoin (BTC) via THORChain, complicating recovery efforts. IoTeX identified four bitcoin addresses holding roughly 66.7 BTC—worth about $4.3 million—and said it is monitoring them in cooperation with exchanges.
The company emphasized that its Layer 1 blockchain was not compromised, framing the incident as an operational security failure rather than a smart contract vulnerability. Industry experts note that private key compromise is becoming a leading attack vector in crypto, especially for cross-chain bridges, which have collectively lost over $3.2 billion in recent years.
Following the news, the IOTX token dropped approximately 22% before partially rebounding. IoTeX is now rolling out Mainnet v2.3.4, requiring node operators to upgrade. The update includes a default blacklist of malicious externally owned account addresses to strengthen network security.
While IoTeX says the situation is contained, recovery of the bridged assets remains uncertain.
Comment 0