IoTeX (IOTX)

IoTeX released the third progress update and compensation plan for the ioTube cross-chain bridge security incident, stating that it has completed 100% tracking of the on-chain flow of stolen funds and continues to cooperate with exchanges, security agencies, and law enforcement; it also promises that regardless of the final recovery outcome, the IoTeX Foundation will provide 100% compensation to eligible affected users. The plan shows that affected users will be compensated in tiers based on the amount: users with $10,000 or less will receive a one-time full compensation once the claim portal is launched; amounts exceeding $10,000 will be disbursed quarterly over 12 months, with an additional 10% compensation in the form of IOTX locked for 12 months. https://t.co/lVIuMCLCpk

📢 Exchange Service Recovery Update IoTeX mainnet has been fully operational since February 24. Exchange services are progressively resuming: ✅ Full service (deposits + withdrawals): @coinbase @MEXC_Official ✅ Withdrawals LIVE: @binance @Official_Upbit 🔄 Resuming soon: @bitget @gate_io @wallet @BithumbOfficial @kucoincom @HashKey_Global @BitMartExchange and others We are in direct contact with all exchange partners to restore full services as soon as possible. Updates will follow as each exchange comes online. We are also working closely with law enforcement agencies, leading blockchain analytics firms, and asset recovery specialists to trace and recover the stolen funds. The attacker's movements are being monitored in real time. Thank you to our exchange partners and community for the continued support. 🙏

after hack 4 - IoTex Private Key Compromise @0xswapnet @claudeai Hack occurred on 26.01.26 An incident on Jan 1, 26 where 13M was stolen after approval. Due to a vulnerability in the swapnet contract, the hacker siphoned funds from victim wallets that had approved swapnet. BASE -> Relay Bridge -> Ethereum Total loss $13.34M Ethereum addresses currently holding assets 0x6cAad74121bF602e71386505A4687f310e0D833e 0x8bcd90f63e998e7c2cda4b5dea8cb7fe8ca5ea81 0x7402875231D63FE9e30D854c526910581386E5D2 0x21fbC7050F3bd934D9963655724C34205cbdf100 0x578D892aC5A25CA46E03b9A5C4C2C2679894C400 0x6A715e758bE14502F6aaF0643594e99dF93ab1f7 0x61d7cC832F967e78Ba2D167358899Ec11622193b 0xd640b6e0a4da928a1fb46de9b8fec695e14c284a ======= During development, it seems intra-chain transfers are generally not problematic, but swap processing and the bridge part have the most issues. Thorswap appears to have the most problems among bridges, Relay is fast and convenient, so it is used a lot, though it has some complexities.

after hack3 - IoTex Private Key Compromise @claudeai @iotex_io I tracked the recent IoTex validator key leak incident. I transferred assets to ETH and swapped to BTC using Thorswap. While tracking Thorswap transactions, various issues arose, taking a long time to plot the timeline, and since it hasn't been fully fixed, I need to test a few more cases that route through Thorswap.

Since the beginning of 2026, at least 16 protocols got exploited. Feb 22: @blend_capital ($10.5M) Feb 21: @iotex_io ($8M) Feb 18: @MoonwellDeFi ($1.7M) Feb 2: @crosscurvefi ($1.3M) Jan 31: @StepFinance_ ($28.9M) Jan 28: @XPlayer_Media ($700K) Jan 26: @ApertureFinance ($3.6M) Jan 25: @0xswapnet ($13.3M) Jan 21: @Sagaxyz__ ($7M) Jan 20: @GyroStable ($800K), @makina ($4.1M), @mithril_money ($0.6M) Jan 13: @yield ($3.7M) Jan 8: @Truebitprotocol ($26.6M) Jan 7: @ipor_io ($330K) Jan 6: @TMXTribe ($1.4M) ... which totals to $112.8M.

IoTeX L1 is Back Online & Stable! 🟢 Following the recent security incident, we acted fast to secure the network. Thanks to our core devs & delegates tireless work, L1 resumed operations and upgraded on Feb 23, 2026. Security Hardening: ✅ v2.3.4 Update: New default blacklist auto-filters malicious EOA addresses to boost network security. Next Steps: A comprehensive compensation plan for affected bridge users will be published within 24 hours. Thank you for your patience and continued support. 🛠️

According to CoinDesk, IoTeX offered a "white hat" solution to the attacker regarding the ioTube cross-chain bridge incident on February 21: if approximately $4.4 million of stolen funds are returned within 48 hours, a 10% bounty (about $440,000) will be paid, and CEO Raullen Chai stated that no legal action will be taken; IoTeX said the cause was the leakage of the owner private key of the Ethereum-side validator, which led to unauthorized control of the bridge contract, classifying it as an operational security issue rather than an L1 or smart contract vulnerability. It also stated that it has traced the funds across chains and identified related Bitcoin addresses holding about 66.6 BTC, while advancing the Mainnet v2.3.4 upgrade and introducing a default blacklist of addresses; after the incident, IOTX dropped about 22%. https://t.co/8O5fvwlcGo

🚨 IoTeX offers 10% bounty to cross-bridge hacker for $4.4M return within 48 hours. IoTeX co-founder and CEO Raullen Chai told CoinDesk he will not press charges if the stolen assets or equivalent value are returned within the two-day window.

⚠️ IoTeX pauses network after severe breach IoTeX halted its chain due to a security vulnerability that caused multimillion-dollar losses. 📰 Full article: https://t.co/chJ4u0iyUI