On February 21, 2026, IoTeX, a Layer-1 blockchain designed to link Internet of Things devices with decentralized applications and real-world artificial intelligence, faced a targeted security breach involving a compromised private key. The incident affected the project’s cross-chain bridge system, known as ioTube, leading to unauthorized access and asset drainage estimated at approximately $2 million by the company’s leadership.
The exploit occurred early that Saturday, between roughly 7 and 9 a.m. UTC.
Attackers used a validator owner private key to seize control of two key Ethereum-side smart contracts: TokenSafe, which holds bridged assets, and MinterPool, responsible for token issuance across connected networks including Ethereum, Binance Smart Chain, and Base.
This granted the perpetrator the ability to withdraw tokens directly from the vault and mint additional units without exploiting any code vulnerability in the contracts themselves.
Security researchers and on-chain analysts, including firms like PeckShield and investigator Specter, initially flagged much larger figures—up to $8.8 million—based on observed movements.
These estimates incorporated drained holdings of USDC, USDT, IOTX, WBTC, and other tokens, plus newly minted CIOTX (a cross-chain variant for DePIN liquidity) and CCS tokens.
However, IoTeX co-founder Raullen Chai quickly clarified the scope in statements to media and on social platforms.
He noted that the confirmed economic impact stands at around $2 million, primarily involving USDC, USDT, IOTX, and WBTC.
Many of the additional minted tokens, such as the deprecated CCS, carry negligible or zero market value, while CIOTX holdings were promptly frozen and slated for upgrades to prevent further movement.
Crucially, the core IoTeX Layer-1 blockchain, its consensus mechanism, and all native smart contracts stayed fully secure and operational in their primary environment.
The breach remained isolated to the bridge’s Ethereum-facing components, leaving user funds on the main IoTeX chain untouched. Chai emphasized this distinction, posting that “all funds are safe on the IoTeX chain.”
The team’s response was rapid and coordinated.
Within hours of detection, operators paused bridge functions to limit damage, conducted a complete on-chain trace of the stolen assets, and initiated widespread freezes.
Major exchanges collaborated to block deposits from identified attacker addresses, while law enforcement was engaged for tracing and potential recovery.
The main chain itself was temporarily suspended to roll out strengthened security protocols, with full resumption—including exchange deposits—projected within 24 to 48 hours.
Market reaction followed swiftly.
The native IOTX token dropped about 9 percent in the immediate aftermath, trading near $0.0049 with trading volume surging over 500 percent as uncertainty spread.
Analysts observed the attacker swapping drained assets for ETH on decentralized exchanges before bridging portions, including around 45 ETH, to Bitcoin via THORChain in an apparent laundering attempt.
Founded in 2017, IoTeX has built a reputation for advancing decentralized physical infrastructure networks (DePIN) and bridging blockchain with physical devices through partnerships with industry leaders.
🚨 Update on the recent security incident:
Our team has contained the situation and the IoTeX chain is being secured. Current data confirms the exploit impact is around $2M USD (including USDC, USDT, IOTX, and WBTC).
Investigations show this was a sophisticated, long-planned…
— IoTeX (@iotex_io) February 21, 2026
This incident highlights ongoing challenges in the sector, where private key compromises continue to represent a leading cause of losses in cross-chain systems.
Bridge exploits have accounted for a disproportionate share of crypto thefts in recent years, often stemming from key management oversights rather than smart-contract bugs.
Despite the setback, IoTeX leadership described the situation as contained and under control.
Recovery efforts focus on freezing the majority of traceable assets, and the project pledged continued transparency with regular community updates.
While the financial toll appears limited compared to early reports, the event serves as a reminder for blockchain projects to prioritize proper private key custody, multi-signature controls, and rapid incident response in an increasingly sophisticated threat landscape.
As operations prepare to restart, stakeholders will watch closely for full asset recovery details and any long-term security enhancements. For a network positioned at the intersection of IoT, AI, and decentralized finance, rebuilding confidence through decisive action remains paramount.