On 2026-02-21 (≈07:00–09:00 UTC) a compromised private key gave an attacker control of IoTeX TokenSafe and MinterPool contracts. Initial on‑chain analysis reported ~ $4.3M in tokens stolen (USDC, USDT, IOTX, PAYG, WBTC, BUSD), and the attacker minted ~ $4M CIOTX and ~ $4.5M CCS, pushing estimated losses toward $9M. Funds were swapped to ETH and some bridged toward BTC via THORChain. Blockchain firm PeckShield confirmed the breach and identified three attacker addresses. IoTeX disputes higher loss estimates, says actual loss may be lower, and is coordinating with exchanges and security partners to trace and freeze assets. IOTX price fell ~9.2% to ~$0.0049 with volume spiking; investigations continue.

A compromised private key allowed attacker control of TokenSafe and MinterPool contracts; on‑chain reports show ~ $4.3M in tokens stolen plus ~ $8.5M minted (CIOTX, CCS) for total near $9M; PeckShield confirmed the breach and three attacker addresses were identified; IOTX price dropped ~9.2% with volume spike and the project is coordinating with exchanges to trace/freeze funds.