Blockchain Project Suffers $2 Million Hack After Private Key Compromise

Layer-1 blockchain project IoTeX experienced a security breach after a compromised private key allowed an attacker to drain approximately $2 million in crypto assets from its ecosystem.

How the Exploit Happened

According to the project team, the attacker gained unauthorized access to a private key associated with IoTeX’s TokenSafe and MinterPool smart contracts.

Initial estimates from on-chain security firms such as PeckShield and Specter suggested losses exceeding $8 million. However, IoTeX co-founder Raullen Chai later clarified that the confirmed financial impact stands closer to $2 million.

The attacker drained multiple assets, including USDC, USDT, IOTX, PAYG, WBTC, and BUSD.

After extracting the funds, the hacker converted the tokens into Ethereum and bridged the ETH to the Bitcoin network using THORChain. This cross-chain movement is commonly used to complicate transaction tracing and obscure fund flows.

Response and Containment

The IoTeX team stated that the incident was quickly contained. Normal network operations and exchange deposits were expected to be restored within 24 to 48 hours following mitigation efforts.

The project is coordinating with centralized exchanges and blockchain security partners to monitor attacker addresses and freeze any recoverable assets linked to the exploit.

Raullen Chai also indicated that the company possesses multiple pieces of evidence suggesting a sophisticated group has been targeting IoTeX and other projects over recent months.

Market Reaction

The IOTX token reacted negatively to the news. Within 24 hours of the breach, the token fell approximately 9.2%, trading near $0.0049.

While the confirmed losses were lower than early estimates, the incident highlights ongoing risks related to private key management and smart contract security across blockchain ecosystems.

The post Blockchain Project Suffers $2 Million Hack After Private Key Compromise appeared first on ETHNews.