February 24, 2026 ChainGPT

IoTeX Offers 10% "White‑Hat" Bounty — 48 Hours to Return ~$4.4M After ioTube Bridge Exploit

IoTeX offers 10% “white-hat” bounty to bridge attacker, seeks return of ~$4.4M within 48 hours

IoTeX, the blockchain company behind the Internet-of-Things-focused network and its ioTube cross-chain bridge, has publicly offered a 10% bounty — roughly $440,000 — to any attacker who voluntarily returns the bulk of funds taken in a Feb. 21, 2026 exploit. The offer, posted on X by IoTeX and highlighted by co‑founder and CEO Raullen Chai as the “source of truth,” gives the hacker(s) 48 hours to return about $4.4 million in exchange for a promise not to pursue legal action or share identifying information with law enforcement.

What happened

According to IoTeX, the breach occurred when a validator owner’s private key on the Ethereum side of ioTube was compromised, allowing unauthorized control of bridge contracts. The project says its Layer 1 mainnet was not affected; the incident was confined to the bridge’s Ethereum-side infrastructure.

IoTeX has traced fund movements across Ethereum, IoTeX and Bitcoin and says exchange deposits have been flagged and frozen. In its X post the team offered the 10% bounty as an incentive to recover the remaining funds, while also promising to work with exchanges to monitor suspicious addresses.

Numbers and on‑chain tracking

Initial on‑chain analysis produced varying totals. Security firm PeckShield estimated more than $8 million in assets were touched, saying the attacker swapped stolen assets into ETH and began bridging them to BTC via THORChain. Independent investigator Specter and IoTeX put the directly drained amount closer to $4.3–$4.4 million. IoTeX identified four Bitcoin addresses holding about 66.78 BTC (roughly $4.3 million at the time) and said those addresses are being monitored in cooperation with exchanges; a CoinDesk check on Feb. 23 confirmed roughly 66.6 BTC in the flagged addresses.

Market impact and scope

The native token IOTX plunged roughly 22% after the exploit, falling from about $0.0054 to below $0.0042 before partially recovering. IoTeX stressed that the breach was an operational security failure tied to key management on the bridge rather than a flaw in its Layer 1 protocol.

Experts: operational security, not smart‑contract bug

Outside analysts echoed that view. Nick Motz, CEO of ORQO Group and CIO of Soil, told CoinDesk the incident arose from a compromised validator owner private key on the Ethereum side — an operational security lapse rather than a smart-contract vulnerability exposed by an outside actor. “When you build and operate the bridge infrastructure and the key management is what fails, it’s difficult to separate yourself from that outcome,” he said.

Nanak Nihal Khalsa, co‑founder of human.tech, noted that responsibility in crypto often boils down to who holds private keys. He urged stronger custody practices and multisig setups to reduce similar risks, adding that liability norms in crypto still lag those in traditional finance.

Containment vs. recovery

Security observers cautioned that containment does not guarantee recovery. Motz said assets with market value were swapped and routed through chains like THORChain, making recovery “extremely difficult.” Khalsa echoed the uncertainty, saying it’s hard to predict how much — if any — can actually be recovered.

Immediate remediation

IoTeX has rolled out Mainnet v2.3.4 and required node operators to upgrade. The update includes a default blacklist of malicious externally owned accounts (EOAs) to be filtered by nodes. Before issuing the bounty, IoTeX said it would publish a compensation plan within 48 hours.

Context: bridges remain a weak point

Cross‑chain bridges have been among the most attacked vectors in crypto.
Industry tallies put cumulative losses from bridge hacks at more than $3.2 billion, making bridges an attractive target for sophisticated threat actors who exploit key management, oracle design and other operational weaknesses.

IoTeX initially offered the 10% white‑hat bounty tied to its $4.4 million estimate, then revised the direct asset drain figure to about $4.3 million (excluding minted tokens). The company says it has traced movements across affected chains and is coordinating with exchanges as it seeks either recovery of funds or compensation for victims.

UPDATE (Feb. 23, 2026, 23:21 UTC): Adds context on other projects offering 10% bounties after breaches.