Decentralized identity platform IoTeX has begun an investigation into suspicious activity connected to a token safe following alerts from on-chain analysts regarding a potential security breach.

In a statement made on X, the team noted their commitment to “assess and control the situation”. They reported the estimated losses are lower than assumed by market speculation. The team is also collaborating with key exchanges and security experts to trace and halt any unauthorized transactions.

“The situation is under control. We will continue to monitor closely and provide timely updates to the community.”
(Translation: La situación está bajo control. Continuaremos monitoreando de cerca y proporcionaremos actualizaciones oportunas a la comunidad.)

Following this announcement, IoTeX’s native token (IOTX) experienced a decline, falling over 8% within a 24-hour period to roughly $0.0049 according to CoinMarketCap data.

Analyst Reports $4.3 Million Loss Due to Key Compromise

The response from IoTeX was prompted by findings from the on-chain investigator Specter, who suggested that a private key linked to the token safe had likely been compromised. The investigation revealed that the wallet was drained of multiple tokens, including USDC, USDT, IOTX, and WBTC, with losses assessed at approximately $4.3 million. Reports indicated that the stolen assets were converted into Ether (ETH), with about 45 ETH transferring to Bitcoin.

IoTeX wallet breach
Source: Specter

Analysts have shared wallet addresses linked to the suspected perpetrator and detailed transaction records showcasing fast movements through decentralized exchanges. This suggested possible attempts to quickly convert and transfer assets to hinder recovery efforts.

Majority of Cryptocurrency Projects Fail to Recover from Hacks

As noted in a previous Cointelegraph article, nearly 80% of cryptocurrency projects affected by significant hacks face challenges in recovering, primarily due to mishandled responses rather than immediate financial loss. Web3 security authorities point out that many teams are ill-prepared for breaches, resulting in delayed responses and ineffective communications during critical initial hours, exacerbating losses and promoting mistrust among users.

Even with technical improvements made post-incident, reputational effects can be lasting. Experts have observed that serious exploits can lead to user withdrawals, decreased liquidity, and long-term damage to credibility, which projects rarely bounce back from.