IoTeX Offers $440K Bounty to Recover Stolen Funds, Hackers Have 48 Hours

IoTeX Launches Emergency Bounty to Recover Stolen Funds

In a bid to recover the $4.4 million stolen from its cross-chain bridge, IoTeX has announced a 10% bounty—worth around $440,000—for hackers who return the funds within 48 hours. The team has also pledged not to pursue legal action if the funds are restored promptly.

Security Breach Traced to Operational Leak

The attack, which occurred on February 21, stemmed from a leaked private key linked to the Ethereum-side verification node of the ioTube bridge. Both IoTeX and external security analysts confirmed that the breach was due to an operational security failure, not a flaw in the Layer1 blockchain or its smart contracts.

Tracking Progress and Network Enhancements

IoTeX has already traced the stolen assets and identified an address holding approximately 66.6 BTC. However, experts caution that assets that have been converted or moved across chains may be nearly impossible to recover. In response, the team is preparing a mainnet upgrade to include a default blacklist for known malicious addresses.