Decentralized identity protocol IoTeX has confirmed that it is investigating unusual activity tied to one of its token safes after onchain analysts flagged a possible security incident.
In a Saturday post on X, the project said its team was “fully engaged, working around the clock to assess and contain the situation.” IoTeX added that early estimates indicate the potential loss is lower than circulating rumors and that it has coordinated with major exchanges and security partners to trace and freeze funds linked to the attacker.
“The situation is under control. We will continue to monitor closely and provide timely updates to the community,” the project said.
IoTeX’s native token (IOTX) dropped following the incident, with the price sliding more than 8% over 24 hours to around $0.0049, according to data from CoinMarketCap.
Related: CertiK links $63M in Tornado Cash deposits to $282M wallet compromise
Analyst says compromised key drained $4.3 million
The response came after onchain investigator Specter claimed a private key connected to the safe may have been compromised.
The onchain sleuth revealed that the wallet was drained of several tokens, including USDC (USDC), USDt (USDT), IoTeX (IOTX) and wrapped Bitcoin (WBTC), with losses estimated at roughly $4.3 million. The stolen funds were reportedly swapped into Ether (ETH), and about 45 ETH was bridged to Bitcoin.
The analyst also published addresses associated with the suspected attacker, alongside transaction records showing rapid movements through decentralized exchanges and token swaps. The activity suggested an attempt to convert assets quickly and move them across chains to complicate recovery efforts.
Related: SwapNet exploit drains up to $13.3M from Matcha Meta users
Most crypto projects don’t recover from hacks
As Cointelegraph reported, nearly 80% of crypto projects hit by major hacks struggle to recover, largely due to mismanaged responses rather than the immediate financial damage, according to Web3 security leaders. Immunefi CEO Mitchell Amador said many teams are unprepared for breaches, leading to delayed decisions and poor communication during the crucial early hours, which worsens losses and shakes user confidence.
Even after technical fixes are implemented, the reputational impact can linger. Kerberus CEO Alex Katz noted that serious exploits often result in users withdrawing funds, declining liquidity and long-term credibility damage that projects rarely overcome.
Magazine: How crypto laws changed in 2025 — and how they’ll change in 2026
