Attacker moved stolen assets across multiple chains as team urges users to revoke contract approvals.
The IoTeX network experienced a security breach on February 21, with approximately $4.3 million in assets stolen through what analysts suspect was a compromised private key. The attacker subsequently transferred the funds across multiple blockchain networks, according to security researchers tracking the incident.
On-chain analyst @0xSunNFT first flagged the breach, reporting that the exploiter had moved assets from the IoTeX chain to other networks. Blockchain security firm TenArmor confirmed the findings, stating the incident appears to stem from a leaked private key rather than a vulnerability in the core protocol.
The stolen assets include approximately 4.7 million in veIOTX, 1.6 million in IOTX, and 570,000 in Wrapped Ethereum (WETH) across various wallets, TenArmor’s analysis shows. The attacker exchanged the veIOTX for IOTX and transferred the funds through multiple addresses before bridging them to other chains.
IoTeX core contributors acknowledged the incident and advised users to immediately revoke any contract approvals. The team stated they are investigating the breach and working with centralized exchanges to monitor the exploiter’s addresses.
The project’s native token IOTX traded at approximately $0.025 prior to the incident, with on-chain data showing the attacker’s wallet still holding a portion of the stolen assets at the time of reporting.
Security researchers noted that the breach affects user funds but does not indicate a compromise of the IoTeX blockchain’s consensus mechanism or core infrastructure. The precise method of private key exposure remains under investigation, with no official attribution to any specific vulnerability or failure mode.
Several blockchain security firms have added the attacker’s addresses to their monitoring systems, and IoTeX has begun notifying partners across the decentralized finance ecosystem that integrates with its network.
Why this matters: The incident introduces immediate counter-party risk for users interacting with IoTeX ecosystem applications, as compromised private keys can enable further unauthorized transactions if contract approvals remain active. From a security perspective, the cross-chain movement of stolen assets highlights the operational challenge of fund recovery once bridges become involved, while the suspected private key leak underscores persistent risks associated with key management practices across both protocol teams and users.
Source: ChainCatcher