Decentralized identity protocol IoTeX has confirmed that it is investigating unusual activity related to one of its token vaults after on-chain analysts flagged a possible security incident.
In a post to X on Saturday, the project’s team said it was “working hard around the clock to assess and contain the situation.” IoTeX said early estimates indicate the potential losses are lower than widespread rumors, adding that it is working with major exchanges and security partners to track and freeze funds associated with the attackers.
“The situation is under control. We will continue to closely monitor it and provide timely updates to our community,” the project said.
IoTeX’s native token (IOTX) fell in the wake of the incident, with its price dropping more than 8% in 24 hours to around $0.0049, according to data from CoinMarketCap.
Related: CertiK links $63M Tornado Cash deposit to $282M wallet breach
Analysts say compromised keys exposed $4.3 million
The response came after on-chain researcher Spector claimed that private keys connected to the vault may have been compromised.
On-chain detectives revealed that several tokens were leaked from the wallet, including USDC (USDC), USDt (USDT), IoTeX (IOTX), and Wrapped Bitcoin (WBTC), with losses estimated at approximately $4.3 million. The stolen funds were reportedly exchanged into Ether (ETH), with approximately 45 ETH bridged to Bitcoin.
Analysts also published addresses associated with the suspected attackers, along with transaction records showing rapid movement through decentralized exchanges and token swaps. This activity signaled an attempt to quickly transform and move assets between chains, complicating recovery efforts.
Related: SwapNet exploit steals up to $13.3 million from Matcha Meta users
Most crypto projects cannot recover from hacks
As reported by Cointelegraph, nearly 80% of crypto projects hit by major hacks are struggling to recover, largely due to poor response rather than immediate financial damage, according to Web3 security leaders. Mitchell Amador, CEO of Immunefi, said many teams are unprepared for a breach, leading to delayed decisions and lack of communication during critical early hours, compounding losses and undermining user confidence.
Even after technical fixes are implemented, reputational impacts may remain. Kerberus CEO Alex Katz pointed out that significant abuses often cause users to withdraw their funds, reduce liquidity, and cause long-term reliability declines that projects are unlikely to overcome.
magazine: How will cryptocurrency law change in 2025 and how will it change in 2026?
