Skip to main content
2 min read

Suspected IoTeX Private Key Leak:
Token Treasury Drained of Approximately $4.3 Million

The IoTeX project suffered a suspected private key compromise, leading to the draining of its token treasury by an attacker. Total losses are estimated at $4.3 million.

AUTOSEC.DEVAUTOSEC.DEV
Suspected IoTeX Private Key Leak: Token Treasury Drained of Approximately $4.3 Million
  • Exploit Date: February 21, 2026
  • Target Project: IoTeX
  • Project Overview: IoTeX is a public blockchain project focusing on the integration of IoT and Web3, providing blockchain infrastructure and related ecosystem services.
  • Loss Amount: $4,300,000
  • Attack Vector: Private Key Leakage / Compromise

Incident Review & Technical Details

  1. Attack Path: The project's private key was suspected to be compromised, granting the attacker control over the Token Treasury. The attacker directly transferred assets held within the contracts.
  2. Impact: Multiple crypto assets were stolen, including USDC, USDT, IOTX, PAYG, WBTC, and BUSD.
  3. Official Assessment: The root cause is identified as a suspected private key leak, which led to the total draining of the fund treasury.
  4. Investigation Progress: The attacker has swapped the stolen assets for ETH and bridged 45 ETH to the Bitcoin network. The associated hacker addresses have been publicly flagged.

AUTOSEC.DEV Solution: Building a 360-Degree Defense

To counter hybrid attacks involving "Web2 Breach + Web3 Monetization," AUTOSEC.DEV provides comprehensive protection from code to personnel:

  1. Team OPSEC (Operations Security) Audit & Hardening: We offer enterprise-grade security training and configuration for core Web3 team members. We assist teams in deploying security hardware and risk detection software to increase the difficulty of social engineering attacks, while auditing password management protocols and device security policies.
  2. End-to-End Incident Response (IR): In an emergency, every second of confusion amplifies the loss. AUTOSEC.DEV provides standardized SOPs (Standard Operating Procedures) and rapid response services tailored to specific business needs to help projects mitigate losses quickly.

Service Content

Reference

https://x.com/SpecterAnalyst/status/2025138590393532656