IoTeX breach caused by private-key compromise of TokenSafe and MinterPool
IoTeX reported suspicious activity in its token vault and began tracking and freezing hacker-linked assets. Early indicators point to a private-key compromise targeting the TokenSafe and MinterPool bridge contracts.
As reported by The Block, the breach stemmed from a compromised private key controlling TokenSafe and MinterPool, enabling unauthorized asset movements. The team coordinated with centralized exchanges, paused chain activity for security work, and prepared contract upgrades to restrict minting pathways.
Security partners and on-chain analysts began tracing flows across tokens and chains. Some funds were swapped and bridged quickly, complicating freezes at decentralized venues.
Why the exploit matters for users, exchanges, and bridges
The incident highlights single-key risk in cross-chain infrastructure and the limits of freezing in non-custodial environments. According to PeckShield, the private-key exploit was confirmed and attacker addresses associated with the impacted contracts were mapped.
“Actual losses are significantly lower … around $2 million,” said Raullen Chai, IoTeX co‑founder and CEO, adding that the team is tracing stolen funds and coordinating freezes.
As reported by Cointelegraph, an on-chain specialist estimated about $4.3 million drained across USDC, USDT, IOTX, WBTC, PAXG, and BUSD, while roughly 111 million CIOTX and 9.3 million CCS were minted, pushing some headlines toward $8.8 million.
The spread between figures reflects whether freshly minted or deprecated representations are counted as realizable losses. Economic impact may be closer to the lower end if such tokens lack market value or remain frozen.
IoTeX’s asset tracking and freezing focuses on exchange cooperation and address blocking at custodial endpoints. Assets that stay in decentralized wallets or route through DEX liquidity are harder to freeze, which is typical in cross-chain incidents.
At the time of this writing, IOTX traded near $0.004519 with bearish sentiment and an oversold RSI around 29. Market conditions can shift as investigations progress and mitigations land.
Check exposure to TokenSafe and MinterPool contracts
Review whether any wallets or custodial accounts interacted with TokenSafe, MinterPool, or tokens minted from those contracts, including CIOTX or CCS. Use reputable block explorers to examine transfers and approvals. Avoid initiating new transactions that depend on the affected minting or bridge pathways until official updates confirm safety.
Monitor IoTeX updates on tracking and freezing progress
Follow official channels for status on address blacklisting, exchange coordination, and contract deprecations or upgrades. Freezing is most effective when funds touch centralized platforms; decentralized venues generally cannot seize assets. Timelines for chain or contract changes can vary as engineering and partner reviews proceed.
FAQ about IoTeX private key exploit
How much was actually lost and why do estimates range from about $2M to as high as $8.8M?
Estimates differ because some counts include freshly minted or deprecated tokens. Analysts tallied ~$4.3M–$8.8M gross; IoTeX leadership has guided closer to ~$2M net impact.
Which tokens and wallet addresses are affected, and where can I verify the attacker flows?
Affected assets include USDC, USDT, IOTX, WBTC, PAXG, and BUSD. Attacker routes and addresses were published by independent security monitors and can be cross-verified on block explorers.
| DISCLAIMER: The information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing. |
Source: https://coincu.com/news/iotex-flags-private-key-exploit-as-funds-are-frozen/
