Key Highlights
- IoTeX confirmed a $4.3M ioTube bridge breach tied to a compromised validator key, while its Layer 1 chain and core infrastructure remained secure.
- The attacker carried out 189 rapid transactions, minting tokens and moving funds through THORChain into multiple Bitcoin wallets.
- On-chain analysts linked the wallet activity to earlier major hacks, including the $49M Infini exploit, pointing to a possible repeat attacker.
IoTeX, a real-world AI–focused blockchain network, has confirmed that its ioTube cross-chain bridge was breached on February 21, 2026, leading to the loss of roughly $4.3 million. The attack, which unfolded over just a few hours, was traced to a compromised validator owner’s private key on the Ethereum side of the bridge, according to the project.
The update was shared by IoTeX co-founder Raullen, who said the incident was detected quickly and contained before it could spread further. Importantly, IoTeX said the breach did not affect its Layer 1 blockchain, its consensus mechanism, or any native smart contracts.
As reported earlier by CryptoTimes, independent on-chain analyst Specter flagged the incident on X, pointing to suspicious transactions tied to the project’s treasury multisig or safe. On-chain data showed the attacker minting and transferring out assets, including USDC, USDT, IOTX, WBTC, BUSD, and other tokens, before the activity was contained.
Core IoTeX Network Remained Secure
IoTeX stressed that the exploit was isolated and did not touch its core infrastructure.
“The IoTeX L1 chain, its consensus mechanism, and all native smart contracts were NOT compromised. The exploit was isolated to ioTube’s Ethereum-side bridge contracts.”
Bridge deployments connected to Binance Smart Chain, Base, and other supported networks were not affected, the team said.
Bridge Paused Within Hours of Detection
According to IoTeX, abnormal activity was spotted within hours of the attack beginning. Validators and community members coordinated to pause the ioTube bridge, limiting the damage while investigators began tracing the stolen funds on-chain.
“We detected the incident within hours, the community worked together paused the bridge to contain the damage, and have since completed a full on-chain trace of all stolen assets.”
The project said the majority of the stolen assets are now locked, frozen, or under active recovery, supported by cooperation from ecosystem partners.
A Fast-Moving, Well-Planned Attack
On-chain data that IoTeX reviewed shows this wasn’t a hit-and-run exploit. It was planned. The attacker moved fast, firing off 189 transactions one after another, grabbing control of the contracts, minting tokens, dumping them across DEXs, and bridging the funds out almost immediately.
To get the money out of Ethereum, the attacker used THORChain, swapping ETH straight into Bitcoin without touching centralized services. From there, the funds were split and pushed through a chain of wallets before landing in four separate Bitcoin addresses — the same kind of cleanup process that’s shown up in earlier major crypto hacks.
The timing of the exploit also raised eyebrows. It was launched on a Saturday morning (UTC), a period when response times from centralized entities such as stablecoin issuers and exchanges are often slower.
Possible Link to Earlier DeFi Exploits
Independent on-chain analysts have identified a funding trail linking the attacker’s wallet to the $49 million Infini stablecoin platform hack in February 2025. While no formal attribution has been made, the overlap has fueled speculation that the same group could be behind multiple high-profile bridge and DeFi exploits.
IoTeX said it is aware of the findings and continues to monitor related wallet activity.
How the Hack Happened
Based on current findings, the attacker gained access through a compromised validator owner’s private key, which allowed control over ioTube’s MintPool and TokenSafe contracts on Ethereum.
With administrative permissions in hand, the attacker minted unauthorized tokens and moved them rapidly through DeFi venues before the bridge was shut down. IoTeX emphasized that the breach was not caused by a flaw in its Layer 1 design, but by a failure in key security tied to bridge operations.
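The pattern described above, a single privileged key suddenly issuing a rapid run of calls against the bridge contracts, is the kind of signal a monitor can page on or use to trigger a pause. The sketch below is an added example, not IoTeX or ioTube code: the signer labels, method labels, threshold, window, and the 15-second spacing of the sample burst are assumptions, and only the contract names and the 189-transaction count come from the article.

```python
from collections import deque
from dataclasses import dataclass

# Assumed policy values for illustration; tune to the bridge's normal admin cadence.
WINDOW_SECONDS = 600
MAX_PRIVILEGED_CALLS = 3
WATCHED_CONTRACTS = {"MintPool", "TokenSafe"}  # contract names from the article

@dataclass(frozen=True)
class Call:
    ts: int        # unix seconds
    signer: str    # placeholder signer label, not a real address
    contract: str
    method: str    # hypothetical method label

def find_bursts(calls, window=WINDOW_SECONDS, limit=MAX_PRIVILEGED_CALLS):
    """Return [(signer, ts, count)] for the first moment each signer exceeds
    `limit` calls to watched contracts inside a sliding `window`."""
    recent = {}    # signer -> timestamps still inside the window
    alerted = set()
    alerts = []
    for c in sorted(calls, key=lambda c: c.ts):
        if c.contract not in WATCHED_CONTRACTS:
            continue
        q = recent.setdefault(c.signer, deque())
        q.append(c.ts)
        while q and c.ts - q[0] > window:
            q.popleft()
        if len(q) > limit and c.signer not in alerted:
            alerted.add(c.signer)
            alerts.append((c.signer, c.ts, len(q)))
    return alerts

def sample_calls():
    """Constructed sample: routine admin calls days apart, unrelated traffic,
    then a 189-call burst from the same owner key."""
    owner = "OWNER_KEY_PLACEHOLDER"
    routine = [Call(86_400 * d, owner, "TokenSafe", "admin_call") for d in range(3)]
    other = [Call(100 + i, "USER_PLACEHOLDER", "Router", "swap") for i in range(20)]
    burst = [Call(400_000 + 15 * i, owner, "MintPool", "admin_call") for i in range(189)]
    return routine + other + burst

if __name__ == "__main__":
    for signer, ts, count in find_bursts(sample_calls()):
        print(f"ALERT signer={signer} ts={ts} calls_in_window={count}: "
              "page on-call and consider pausing the bridge")
```

With these assumed settings the monitor fires on the fourth call of the burst, about 45 seconds in, rather than hours later.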
What Comes Next
IoTeX said a full post-incident report will be released once recovery efforts are complete. The ioTube bridge remains paused as the team reviews validator security practices and strengthens operational safeguards.
While most of the damage now appears contained, the incident adds to a growing list of cross-chain bridge breaches and serves as another reminder that private key security remains one of the most critical and fragile components of decentralized infrastructure.
