security

On February 21, 2026, #IoTeX had a major security breach when a private key connected to their TokenSafe and related bridge infrastructure was stolen.
This let an attacker take money from the project's treasury and bridge contracts.
Based on what security firms, on-chain analysts, and IoTeX's official statements say, here's a breakdown of what happened:
Early reports from companies like PeckShield and analysts like Spectre warned about the exploit and said it could cost between $4.3 million and $8.8 million.
This included drained assets like USDC, USDT, IOTX, WBTC, PAYG, and BUSD.
The attacker is said to have traded a lot of it for ETH and used THORChain to move some of it to Bitcoin for laundering.
People also talked about making tokens like CIOTX and CCS without permission.
The official update from IoTeX confirmed the breach but said the real damage was less than $2 million USD, mostly in USDC, USDT, IOTX, and WBTC.
They said it was a planned, sophisticated attack by professional actors on several chains. The team quickly took care of the problem.
The IoTeX chain was temporarily stopped so that security improvements could be made. They said that operations, including deposits, would start up again within 24 to 48 hours of their February 21 statement.
IoTeX is working with exchanges, security partners, and the police to find the stolen money, freeze it, and maybe even get it back.
It looks like this is a problem with IoTeX's centralized/key management, probably with their bridge or treasury multisig/hot wallet setup. It's not a problem that affects all user wallets or private keys on the IoTeX network.
Caution for IoTex Holders
If you hold IOTX regularly and use a non-custodial wallet like ioPay or MetaMask, your money should be safe unless you directly interacted with compromised contracts during the time period.
If you're involved with IoTeX, here are some things you should do: Don't do any transactions or use any bridges that seem suspicious until official announcements say that everything is back to normal.
Follow @iotex_io on X for news. Check your positions again when operations start up again if you staked or deposited in official pools or bridges.
As always in crypto, don't share your private keys, use hardware wallets for large amounts of money, and be careful of phishing when big news stories break.
The price of the IOTX token fell by about 9–10%, but the team says that the core chain security is still strong.

This shows that there are still risks with managing bridges and private keys in the space. Take care out there!
$IOTX
#security

When people hear “blockchain security,” they usually think about complex cryptography or advanced algorithms. But honestly, the real heroes behind blockchain security are much simpler they’re called nodes.
Think of nodes as regular computers around the world that decide to participate in a blockchain network. They aren’t owned by one company. They aren’t controlled by one government. They’re just independent machines running the same rules. And that’s exactly what makes blockchains secure.
Whenever someone sends crypto to another person, that transaction doesn’t just magically go through. Nodes check everything. They make sure the sender actually has enough balance. They confirm the digital signature is real. They verify that the transaction follows the network’s rules. If something looks wrong, the transaction is rejected. No drama. No favoritism. Just rules.
The same thing happens when a new block is added to the chain. A miner or verifiers can propose a block, but it’s the nodes that double-check it. If the block distrub the rules, it simply won’t be accepted. This shared verification process is what makes it nearly impossible for someone to secretly change the transaction history.
What really strengthens the system is distribution. Nodes are spread across different countries, different internet providers, and different people. There’s no central server to shut down. No single switch to turn off. If a few nodes go offline, the network hold flowing. That resilience is the core of blockchain security.
Of course, it’s not perfect. Running a full node takes storage, internet bandwidth, and some technical understanding. If only a small number of big players run most of the nodes, the network can quietly become less decentralized. That’s why community taking part matters so much.
At the end of the day, nodes are the reason blockchain works without trust. They enforce the rules automatically. They don’t care who you are. They just care whether the transaction follows the protocol.
So when we talk about secure, decentralized networks, we’re really talking about thousands of independent computers quietly doing their job protecting the system every second.
$BTC
$ETH
$BNB
#blockchain #TrumpNewTariffs #security

💰 The Largest Theft: The Bybit Hack (2025)
If "number one" means the single biggest dollar amount stolen, the Bybit hack is the current record-holder. On February 21, 2025, the cryptocurrency exchange lost approximately $1.5 billion in Ethereum and related tokens .
How It Happened: The attack was highly sophisticated. Hackers manipulated a wallet signature during a routine transfer from Bybit's cold wallet (an offline storage system). They tricked the system into approving a transaction that altered the smart contract logic, effectively giving them control over the cold wallet and allowing them to drain its funds. The transaction was "musked" to appear legitimate to the exchange's team .The Perpetrators: Blockchain security firms quickly identified the culprit as the Lazarus Group, a notorious state-backed hacking organization from North Korea. This group has a long history of massive cyber heists, including the $625 million Ronin Bridge hack in 2022 .Aftermath and Response: Despite the scale of the theft, Bybit assured users it remained solvent, as the stolen funds represented only about 7.5% of its total assets under management. The broader crypto industry rallied to support Bybit, with security firms like ZachXBT and Arkham Intelligence tracing funds, and Tether freezing some stolen assets. Bybit was able to replenish its Ethereum reserves within days through loans and purchases .
🎯 The Most Symbolic Target: The Nasdaq Hack (2013)
If "number one" is defined by the prestige and critical nature of the target, the intrusion into the Nasdaq stock exchange stands alone. While no direct financial theft was reported, the psychological and systemic impact was immense .
How It Happened: From 2005 to 2012, a global hacking ring led by four Russians and a Ukrainian methodically infiltrated the networks of major institutions, including Nasdaq, Citibank, and 7-Eleven. They exploited SQL injection vulnerabilities to steal login credentials and installed malware for persistent backdoor access .The "NASDAQ is Owned" Moment: The gravity of the breach was captured in a chilling instant message from January 2008. After months of slowly escalating his access, hacker Aleksandr Kalinin reported to an accomplice: "NASDAQ is owned." He had gained administrative access to the stock exchange's network .The Goal: Unlike the Bybit hack, the goal here wasn't necessarily to immediately steal funds from the exchange itself. The scheme involved stealing over 160 million credit card numbers from various companies, which were then sold or used to create clone cards for ATM withdrawals. The Nasdaq compromise gave them a powerful and trusted foothold .
🌐 Other Major Attacks That Shaped the Landscape
While the two above are primary contenders, other attacks have redefined the scale of cyber threats in finance:
The JPMorgan Chase Attack (2014): This breach affected approximately 83 million households and small businesses, making it one of the largest data breaches of a US bank in history. The stolen contact information was allegedly used in stock manipulation schemes and other crimes .The ICBC Ransomware Attack (2023): A ransomware attack on the Industrial and Commercial Bank of China's financial services unit disrupted the US Treasury market, forcing trades to be rerouted and highlighting the systemic risk posed by cyberattacks on critical financial infrastructure .The Japanese Brokerage Account Takeover (2025): Adversaries compromised thousands of online brokerage accounts, executing over $700 million in fraudulent "pump-and-dump" trades. This case is notable for its use of adversary-in-the-middle (AiTM) attacks and infostealer malware to bypass traditional security .
I hope this overview of the largest and most significant attacks is helpful. Are you interested in the specific security failures that allowed any of these hacks to occur?

$BTC
#CYBER #security