IoTeX Hit by Private Key Exploit Resulting in Stolen Funds

Crypto-AI project IoTeX's cross-chain bridge infrastructure was hit by a private key exploit on Saturday, with an attacker draining up to $8.8 million in funds.

According to independent estimates, the total losses could be as high as $8.8 million, although IoTeX has disputed these figures. The incident was first reported by onchain analyst Specter and confirmed by blockchain security firm PeckShield.

The attacker used the compromised private key to drain assets from IoTeX's vault, including USDC, USDT, IOTX, PAYG, WBTC, and BUSD. The stolen funds were then quickly laundered through decentralized exchanges, with the attacker swapping them for ether via Uniswap and bridging roughly 45 ETH to the Bitcoin network.

IoTeX's blockchain is currently down, with the project's co-founder and CEO Raullen Chai stating that it will be back online within 24-48 hours once the hackers' addresses have been frozen. In a separate email to The Block, Chai estimated the total loss at around $2 million.