Stort sikkerhetsbrudd rammer IoTeX: Eiendeler for 4,3 millioner dollar tappet fra token-safe midt i privatnøkkellekkasje

In a stark reminder of the vulnerabilities plaguing the cryptocurrency space, the IoTeX network has fallen victim to a significant security incident. According to on-chain investigator Specter, a suspected private key compromise led to the complete draining of IoTeX's token safe, resulting in losses estimated at approximately $4.3 million. The breach, which occurred earlier today, involved the theft of various assets including USDC, USDT, IOTX, PAXG, DAI, WBTC, and BUSD, which were subsequently swapped for ETH and partially bridged to the Bitcoin network.

The incident was first highlighted in a detailed X post by @SpecterAnalyst, who shared transaction data showing a series of mints, swaps, and executions on platforms like Uniswap and Rizzolver. The post included screenshots of blockchain explorer logs depicting outflows from addresses associated with IoTeX's TokenSafe, with timestamps aligning to February 21, 2026, around 02:00-03:00 UTC. Attacker addresses identified include 0x6487B500...87eD442f on Ethereum and Bitcoin wallets like 1PN2BoHU...8oyYEc and 135oSa2f…1DG1Aw.

IoTeX's official team responded swiftly, acknowledging "suspicious activity" in one of their token safes and stating that the situation has been contained. In an update posted on X, they estimated the impact at around $2 million, significantly lower than initial reports, citing USDC, USDT, IOTX, and WBTC as the primary affected assets. The team described the attack as a "sophisticated, long-planned" operation by professional actors targeting multiple chains. They are collaborating with exchanges, security partners, and law enforcement to trace, freeze, and potentially recover the stolen funds. Chain operations and deposits are expected to resume within 24-48 hours following security upgrades.

However, discrepancies in loss estimates have emerged. Security firm PeckShieldAlert reported the breach as affecting the IoTeX bridge, with losses exceeding $8 million, including funds swapped to ETH and bridged via THORChain to BTC. Independent analysts like @0xOwnerpaiN challenged IoTeX's figures, pointing to on-chain data showing over $4.1 million in BTC alone (56.38 BTC worth ~$3.85M) plus additional ETH in frozen wallets. Other sources, including CoinTelegraph and ChainCatcher, corroborated the $4.3 million figure based on Specter's analysis, while some outlets inflated it to $8.8 million amid rumors of broader bridge vulnerabilities.

The market reaction was immediate: IOTX's price plummeted over 8% in the hours following the news, reflecting investor concerns about the platform's security. IoTeX, known for its focus on real-world AI and IoT integration via blockchain, has emphasized transparency and promised further updates. Community responses on X range from calls for better multi-signature safeguards to criticisms of the initial handling, with some users questioning if this was an insider job.

This event underscores ongoing risks in DeFi and blockchain ecosystems, where private key management remains a critical weak point. As investigations continue, stakeholders are advised to monitor official channels for developments. IoTeX has assured that user funds outside the affected safe remain secure.