IoTeX bridge exploit raises debate over losses and recovery prospects as CEO offers 10% bounty
IoTeX offered hackers a 10% bounty to return $4.4 million stolen from its ioTube bridge within 48 hours, promising no legal action.Summary
IoTeX offered a 10% white-hat bounty, amounting to $440,000, to the hacker(s) who exploited its ioTube cross-chain bridge by compromising a private key, provided the stolen funds, estimated around $4.4 million, were returned within 48 hours. IoTeX co-founder and CEO Raullen Chai stated they would not press charges or share identifying information if the funds were returned. The exploit, which occurred on February 21, 2026, compromised the Ethereum-side infrastructure of the bridge, though IoTeX's Layer 1 blockchain remained unaffected. Experts noted this incident highlights operational security failures, specifically private key compromise, as a major attack vector in cross-chain bridges. While IoTeX traced roughly $4.3 million across four Bitcoin addresses, security analysts expressed skepticism about full recovery, noting the attacker had already swapped and bridged funds via THORChain. IoTeX is also rolling out a network update, Mainnet v2.3.4, which includes a default blacklist of malicious addresses.
(Source:CoinDesk)