On February 24, blockchain project IoTeX announced a 10% white hat bounty (approximately $440,000) in response to the exploit of its cross-chain bridge, ioTube. The offer was made on the condition that the attacker return approximately $4.4 million in stolen assets within 48 hours, with a commitment not to pursue legal action.
The incident occurred on February 21 and was caused by the leakage of a validator private key on the Ethereum side, which resulted in unauthorized control of the bridge contract. IoTeX clarified that the vulnerability was related to cross-chain bridge operations and did not impact its Layer 1 mainnet or core smart contract architecture. Co-founder and CEO Raullen Chai stated that the team had issued an on-chain non-prosecution message to the attacker and continues to trace the movement of funds.
Approximately 66.6 BTC (around $4.3 million) have been identified across multiple Bitcoin addresses. Several exchange deposit addresses have also been flagged and frozen. Blockchain security firm PeckShield initially estimated that the affected assets might exceed $8 million. Some funds were reportedly converted into ETH and bridged to BTC via THORChain. IoTeX later revised the confirmed loss to approximately $4.3 million.
To mitigate future risks, IoTeX released mainnet upgrade version v2.3.4, introducing a default malicious address blacklist mechanism and requiring node operators to upgrade promptly. The team also stated that if the assets cannot be recovered, a compensation plan will be announced.
In recent years, cross-chain bridges have become a frequent target due to their complex validation mechanisms and asset-locking models. Weak private key management, permission misconfigurations, and delayed monitoring responses often amplify security risks.
Against this backdrop, deploying professional on-chain monitoring and fund tracking systems has become increasingly critical. Solutions such as Trustformer KYT provide real-time risk identification and abnormal fund path analysis, enabling platforms to detect suspicious activity at an early stage, shorten response times, and reduce potential losses.
Cross-chain security depends not only on underlying technical upgrades but also on continuous monitoring mechanisms. By leveraging on-chain compliance solutions like Trustformer KYT, institutions can track large transfers, cross-chain asset flows, and high-risk address interactions in real time, building a more resilient defense framework within complex cross-chain environments.
The ioTube incident once again highlights a critical industry lesson: as cross-chain infrastructure continues to innovate and scale, it must simultaneously strengthen key management, permission isolation, and on-chain risk control systems to safeguard digital assets and maintain user trust in an evolving crypto ecosystem.