IoTeX reported a hack that resulted in losses of approximately $2 million, disputing estimates by on-chain analysts placing the theft at $4.3 million.
Summary
- IoTeX Confirms $2M Exploit, Suspends Chain for Security Upgrades.
- Analysts estimate $4.3 million after token minting and cross-chain laundering.
- Stock exchanges and law enforcement are working to freeze stolen funds.
The blockchain platform said it coordinated with exchanges and law enforcement to freeze stolen funds following what it called a “long-planned attack by professional actors targeting multiple chains.”
On-chain analyst Specter published that IoTeX’s private key may have been compromised, leading to the loss of several contract assets including USDC, USDT, IOTX, PAYG, WBTC, and BUSD.
The attacker exchanged the stolen assets for ETH and linked 45 ETH to Bitcoin, while minting 111 million CIOTEX tokens.
IoTeX said on-chain operations and deposits would resume in 24-48 hours after security upgrades are finalized.
IoTeX Disputes $4.3M Loss Estimate With Confirmation of $2M
IoTeX’s initial statement acknowledged “suspicious activity involving an IoTeX token vault” and noted that “the potential loss is less than circulating rumors suggest.”
The team said it coordinated with major exchanges and security partners to actively help trace and freeze the attacker’s assets.
The updated statement confirmed that “the impact of the exploit is approximately US$2 million (including USDC, USDT, IOTX and WBTC). »
Specter’s analysis showed that the attacker emptied multiple contract assets and executed a multi-step laundering process.
The stolen funds were exchanged for ETH, with at least 45 ETH linked to Bitcoin, where tracing becomes more difficult. The creation of 111 million CIOTEX tokens shows that the attacker took control of the token issuance functions.
Secure channel with 24-48 hour downtime for upgrades
IoTeX suspended operations of the chain following the discovery. “Our team has the situation under control and the IoTeX chain is being secured,” announces the platform.
Depots and normal operations will resume within 24-48 hours pending completion of security upgrades.
The team is working with law enforcement to investigate and recover the funds. IoTeX is also committed to making transparent updates as the situation evolves.
