IoTeX Bridge Hacked for $8.8M via Private Key Exploit, IOTX Price Tumbles

The IoTeX blockchain's cross-chain bridge was compromised on February 21, 2026, in a security breach that resulted in an estimated $8.8 million in losses. The attack, which occurred between 7 and 9 AM UTC, was executed via a compromised private key, granting the hacker control over IoTeX's TokenSafe and MinterPool contracts.

On-chain analyst Specter first flagged the breach, reporting the initial drain of $4.3 million in various crypto assets, including USDC, USDT, IOTX, PAYG, WBTC, and BUSD. The hacker then swapped these stolen funds for Ethereum (ETH). Beyond this initial theft, the attacker exploited the compromised contracts to mint an additional $4 million in CIOTX tokens and $4.5 million in CCS tokens, pushing the total estimated losses toward $9 million.

Blockchain security firm PeckShield confirmed the exploit on social media, stating, "The IoTeX Bridge has been hacked for over $8M worth of crypto due to a compromised private key. The hacker has swapped the stolen funds to $ETH and has started bridging them to BTC via THORChain." The attacker subsequently bridged approximately 45 ETH to the Bitcoin network using THORChain, complicating recovery efforts.

IoTeX confirmed awareness of the breach by 10:30 AM UTC but contested the circulating loss figures. The team stated, "Initial estimates indicate the potential loss is significantly lower than circulating rumors suggest," and added that they had "already coordinated with major exchanges and security partners, which are actively assisting in tracing and freezing the hacker’s assets." Three attacker addresses have been publicly identified so far.

The native IOTX token reacted sharply to the news, trading near $0.0049 at the time of reporting—a drop of 9.2% over 24 hours, with daily trading volume surging over 507%. This incident is part of a troubling trend for cross-chain bridges in early 2026, following a $3 million exploit on CrossCurve just three weeks prior and nearly $400 million in total crypto thefts reported industry-wide in January alone. IoTeX has stated the situation is "under control" and promised further updates.