IoTeX confirms ~$2M exploit, disputes $4.3M estimate; chain paused as investigators trace funds

IoTeX confirmed a security exploit that impacted a token safe and temporarily paused chain operations to implement security fixes. The project reports confirmed losses of about $2 million (including USDC, USDT, IOTX and WBTC) and says the attack was a sophisticated, long-planned operation by professional actors. On-chain analyst Specter and other researchers estimated higher losses (≈$4.3M–$8.8M in earlier reports), citing a suspected private-key compromise, multiple drained contracts (USDC, USDT, IOTX, PAYG, WBTC, BUSD), the minting of 111 million CIOTEX tokens, swaps into ETH, and bridging at least 45 ETH to Bitcoin to obfuscate proceeds. IoTeX disputes the larger figures and says it is coordinating with major centralized exchanges, security partners and law enforcement to trace and freeze attacker-linked funds. Chain deposits and some operations are paused and expected to resume within 24–48 hours after freezing addresses and completing security upgrades. Market reaction: IOTX saw sharp short-term moves (double-digit declines and a large spike in daily volume) and further volatility is likely. Key takeaways for traders: expect elevated short-term volatility in IOTX and related wrapped assets; monitor exchange freeze actions and on-chain tracing for possible fund recoveries or liquidations; the attacker’s ability to mint CIOTEX signals a critical governance/issuance vulnerability and increases counterparty risk while investigations continue.