IoTeX bridge exploit raises debate over losses and recovery prospects as CEO offers 10% bounty
CoinDesk
by Olivier AcunaFebruary 23, 2026
AI-Generated Deep Dive Summary
A recent hack on IoTeX’s ioTube bridge, which involved a compromised private key, has led to a 10% bounty offer by the company to recover stolen funds. IoTeX, a blockchain project focused on IoT devices, announced it would pay $440,000 for the return of approximately $4.4 million within 48 hours. The company’s CEO, Raullen Chai, emphasized that no legal action would be taken if the funds are returned and identified information is not shared with authorities. This move follows a growing trend among crypto projects offering bounties to hackers in exchange for stolen assets.
The breach occurred on February 21, 2026, when an attacker exploited a private key on the Ethereum side of the bridge, leading to unauthorized transfers across multiple chains. While IoTeX’s Layer 1 network remained unaffected, the incident resulted in significant financial losses, with estimates ranging from $4 million to over $8 million based on on-chain analysis by PeckShield. The stolen funds were quickly converted into ETH and moved through THORChain, complicating recovery efforts.
IoTeX has taken steps to mitigate future risks, including rolling out Mainnet v2.3.4, which features a blacklist of malicious EOA addresses to filter out suspicious transactions. Despite these measures, experts warn that cross-chain bridges remain a critical vulnerability in the crypto space. Nick Motz, CEO of ORQO Group and CIO of Soil, noted that the breach was an operational failure rather than a flaw in smart contracts, highlighting the importance of proper key management
Verticals
cryptofinance
Originally published on CoinDesk on 2/23/2026