IoTeX Acknowledges Token Safe Security Breach, Reports Damage Limitation Successful

The IoTeX team is investigating unauthorized activity connected to a token safe, working with cryptocurrency exchanges to track stolen assets following reports suggesting a potential private key security breach.

The decentralized identity protocol IoTeX has acknowledged that it is examining suspicious activity associated with one of its token safes following alerts from blockchain analysts about a potential security breach.

Through a Saturday statement on X, the development team announced that personnel were "fully engaged, working around the clock to assess and contain the situation." According to IoTeX, preliminary calculations suggest the actual loss amount is smaller than what has been circulating in community speculation, and the organization has established coordination with leading cryptocurrency exchanges and security firms to identify and immobilize assets associated with the unauthorized actor.

"The situation is under control. We will continue to monitor closely and provide timely updates to the community," the project said.

The native token of IoTeX (IOTX) experienced a decline in the aftermath of the security incident, with its value decreasing by more than 8% during a 24-hour period to approximately $0.0049, based on information from CoinMarketCap.

Analyst says compromised key drained $4.3 million

The official statement followed after blockchain investigator Specter alleged that a private key associated with the safe may have been compromised.

The blockchain analyst disclosed that the wallet experienced a complete drainage of multiple digital assets, including USDC (USDC), USDt (USDT), IoTeX (IOTX) and wrapped Bitcoin (WBTC), with total losses calculated at approximately $4.3 million. According to reports, the stolen digital assets were subsequently converted into Ether (ETH), with approximately 45 ETH transferred to the Bitcoin network via a bridge.

IoTeX wallet breach led to $4.3 million in losses — The IoTeX wallet security incident resulted in $4.3 million worth of losses. Source: Specter

Specter additionally shared wallet addresses believed to be controlled by the suspected malicious actor, along with transaction documentation demonstrating swift asset movements utilizing decentralized exchanges and token conversion mechanisms. The observed activity indicated an effort to rapidly liquidate assets and transfer them between blockchain networks to hinder recovery operations.

Most crypto projects don't recover from hacks

According to previous Cointelegraph coverage, approximately 80% of cryptocurrency projects that experience significant security breaches face difficulty in recovering, predominantly because of poorly managed incident responses rather than the direct financial losses, based on statements from Web3 security experts. Mitchell Amador, CEO of Immunefi, explained that numerous development teams lack adequate preparation for security incidents, resulting in postponed decision-making and inadequate communication throughout the critical initial hours, which amplifies financial damage and undermines user trust.

Beyond the implementation of technical remediation measures, the damage to reputation can persist for extended periods. Kerberus CEO Alex Katz observed that substantial security exploits frequently lead to user fund withdrawals, diminishing liquidity levels and sustained credibility harm that cryptocurrency projects seldom successfully recover from.