Crypto-AI project IoTeX was hit by a security incident on Saturday after a hacker gained access to a private key connected to its cross-chain bridge infrastructure.
The breach gave the attacker control over important smart contracts, TokenSafe and MinterPool, allowing funds to be withdrawn directly from the project’s vault.
Blockchain security firm PeckShield and onchain analyst Specter estimated losses could reach as much as $8.8 million, though IoTeX has challenged the higher figures.
Specter first raised the alarm early in the day, reporting that roughly $4.3 million had already been drained. The stolen assets included USDC, USDT, IOTX, PAYG, WBTC, and BUSD.
It’s important to note that the hack didn’t happen because of a bug in the smart contracts; it happened because someone used stolen access credentials.
The attack also comes at a time when private key hacks accounted for 88% of stolen funds in Q1 2025, and the hack method has remained a constant threat in 2026. The total crypto hack in 2025 was over $3.4 billion, according to Chainalysis.
Attacker swaps stolen funds to ether
The attacker quickly moved to obscure the stolen funds by converting the drained assets into ether through decentralized exchanges such as Uniswap, before transferring around 45 ETH to the Bitcoin network.
Blockchain security firm PeckShield confirmed that the exploiter used THORChain to shift funds across chains, a laundering method previously observed in earlier crypto hacks tracked by onchain investigator ZachXBT.
According to analyst Specter, the attacker also exploited the compromised contracts to mint nearly 111 million CIOTX tokens, valued at about $4 million. CIOTX serves as IoTeX’s cross-chain token standard for multichain liquidity. Specter later added that another 9.3 million CCS tokens, worth roughly $4.5 million, were also drained.
IoTeX says team is working to contain the incident
IoTeX confirmed the security incident on X about three hours after initial reports surfaced, stating that its team was working continuously to assess and contain the breach.
Co-founder and CEO Raullen Chai said centralized exchanges were assisting in tracking and freezing stolen funds, adding that the situation was under control.
The IoTeX blockchain has been temporarily halted, but Chai said the network is expected to resume within 24–48 hours once hacker-linked addresses are frozen, after which exchange deposits will also restart.
He added that actual losses appear lower than early estimates and that the team is working with security partners to investigate and recover funds while providing transparent updates.