It started normaly â no dramatic warning, no countdown. Then suddenly, the IoTeX cross-chain bridge was bleeding funds.
On February 21, the bridge connected to IoTeX was exploited after an attacker compromised a private key with administrative control. Not a complex smart contract bug. Not some zero-day exploit. Just one critical key falling into the wrong hands.
And that was enough.
đ° What Was Taken
With admin access, the attacker drained multiple assets from the bridge â including stablecoins and wrapped tokens â with early estimates ranging from $2 million to nearly $9 million depending on calculations and minted assets.
Reports show the attacker didnât just withdraw existing funds. They allegedly minted additional tokens using compromised contracts, amplifying the damage.
đ The Getaway
After draining the bridge, the hacker swapped funds into ETH and then moved them through THORChain, routing value toward Bitcoin addresses.
That move matters. Cross-chain swaps make tracking and freezing funds significantly harder. Itâs a classic crypto escape route â fast, fragmented, and difficult to reverse.
đ Market Reaction
As news spread, IOTX dropped sharply, falling around 9â10% in hours. Trading volume spiked. Panic always moves faster than official statements.
â ď¸ The Real Lesson
This wasnât a code failure. It was operational security. A compromised private key gave full control over bridge contracts â and bridges are prime targets because they hold large pools of liquidity.
One key. Millions moved.
In crypto, security isnât just about smart contracts. Itâs about who holds the keys â and how well theyâre protected. đ
Ever heard the rule :
Not your keys - not your crypto ?
This is the perfect example.
Expose your key đď¸ and say good bye to your crypto.
Cause in crypto, who ever holds the keys holds the coins.
If the exchange hold your keys - your coins are not really yours. If you expose your keys to someone you shouldn't - now HE owns your crypto.
Take care of your keys is the lesson to be learn đď¸.
