IoTeX has committed to fully reimbursing users affected by a $4.4 million exploit of its ioTube bridge, pledging to use its own treasury funds to cover all losses. The hack, which occurred on February 21, 2026, resulted in the theft of approximately $4.4 million in assets from the bridge's reserve.
The Foundation has implemented a tiered compensation system. Tier 1 covers losses up to $10,000, representing over 90% of affected users, who will receive immediate reimbursement in stablecoins or native Ethereum assets. Tier 2 applies to losses exceeding $10,000; the first $10,000 is paid immediately, with the remaining balance distributed in quarterly installments over 12 months. Tier 2 claimants will also receive an additional 10% bonus in annually staked IOTX tokens, guaranteeing a 110% recovery of their original value. The claims portal was scheduled to open on February 27.
In parallel, IoTeX has submitted a drastic governance proposal, IIP-56, to permanently end support for its cross-chain CIOTX token across all major networks, including Ethereum, Base, Solana, Binance Smart Chain, Polygon, and the IoTeX mainnet. This proposal is a direct response to the hack, which was caused by a validator key compromise that allowed an attacker to illicitly mint 410 million CIOTX tokens, bridge them, and convert them into Bitcoin and Ethereum.
The IoTeX team developed a real-time tracking tool called ioTrace, which traced 100% of the stolen funds. The assets were converted into approximately 2,183 ETH and then moved to Bitcoin via THORChain, accumulating 66.78 BTC spread across four addresses that are now under permanent monitoring. The security update also blocked 29 identified attacker addresses and froze approximately 45 million IOTX tokens at the protocol level. The Foundation is working with over 20 exchanges and has filed formal reports with the FBI.
For long-term security, IoTeX plans to implement IIP-55, a governance protocol that will transfer bridge operations to a decentralized committee of validators, eliminating the central point of failure. The proposal will also incorporate multi-signature controls, time locks, independent audits, and a bug bounty program. The IIP-56 proposal to wind down CIOTX will now enter a formal community discussion phase before a binding governance vote.
