According to Foresight News , IoTeX released a security incident update, confirming that the multi-chain bridge ioTube on the Ethereum side was attacked. The owner account of the Ethereum validator contract was compromised, granting the attacker administrative privileges. The attacker then used these privileges to upgrade the validator contract to a malicious version, bypassing all signature and verification checks. Subsequently, the attacker took control of the token minting pool (MintPool) and the reserve asset vault (TokenSafe), minting 410 million CIOTX tokens and transferring approximately $4.4 million worth of various tokens from the cross-chain reserve.
Of the 410 million CIOTX tokens minted by the attackers, over 86% have been locked or frozen; another 12.8% (52.4 million IOTX) has been traced to Binance, and the team is working with Binance and trading partners to freeze them; only 0.4% (1.7 million) has been exchanged on DEXs. Furthermore, the attackers exchanged the stolen reserve tokens (including assets such as USDC) for approximately 2183 ETH. Of this, approximately 1572 ETH were transferred to the Bitcoin network via THORChain, while the remaining funds are distributed across multiple Ethereum intermediary addresses and are under real-time monitoring. Cross-chain services across all chains will remain suspended until a comprehensive security audit is completed. Detailed compensation plans for affected users will be announced within 48 hours.
