IoTeX said a Feb. 21, 2026 exploit of its ioTube cross‑chain bridge—caused by a compromised validator owner private key—led to roughly $4.3–4.4M being stolen. The team announced a 10% bounty (~$440k) and promised not to pursue legal action if funds are returned within 48 hours. Funds on Ethereum, IoTeX and Bitcoin have been traced; exchanges were notified and deposits flagged/frozen; four BTC addresses holding ~66.7 BTC (~$4.3M) were identified and monitored. IoTeX’s Layer‑1 mainnet was not affected and Mainnet v2.3.4 (including a default blacklist of malicious EOAs) was rolled out. On‑chain loss estimates vary (PeckShield >$8M; other investigators ~ $4.3M). Some assets were swapped to ETH and bridged to BTC via THORChain. The IOTX token fell about 22% after the exploit.

The story reports a concrete bridge exploit (~$4.3–4.4M stolen) caused by a compromised validator owner private key, active tracing and exchange freezing of funds, and a 10% bounty with a 48‑hour return window — facts that directly affect IOTX market risk and caused a ~22% price drop. Uncertainty remains due to varying loss estimates and swaps via THORChain, increasing short‑term downside and volatility.