IOTX

Iotex

Step Finance is shutting down its Solana-based platforms after a January hack drained up to $40 million and undermined its financial stability. In a statement shared on Feb. 24 on X, the company said it would shut down its core…

BitcoinWorld IoTeX Hack: Urgent $440K Bounty Offer Reveals Critical Cross-Chain Bridge Vulnerability In a dramatic move underscoring the persistent vulnerabilities within decentralized finance, the IoTeX blockchain network has publicly offered a 10% bounty, valued at $440,000, to the anonymous hacker responsible for a $4.4 million exploit. The project issued this stark ultimatum on the social platform X, demanding the return of stolen assets within a critical 48-hour window. This incident, centered on the unauthorized minting of 410 million CIOTX tokens via the ioTube cross-chain bridge, immediately sent shockwaves through the crypto security community and raised urgent questions about bridge infrastructure safeguards. Anatomy of the IoTeX Cross-Chain Bridge Exploit The IoTeX security breach represents a sophisticated attack vector targeting cross-chain interoperability. Fundamentally, the hacker discovered and exploited a vulnerability within the ioTube bridge’s smart contract logic. This flaw permitted the unauthorized creation, or minting, of 410 million CIOTX tokens. CIOTX is a cross-chain representation of the native IOTX token, designed to facilitate asset movement between the IoTeX network and other blockchains like Ethereum and Binance Smart Chain. Subsequently, the attacker swiftly converted these illicitly minted tokens into other high-liquidity cryptocurrencies. The primary targets were Bitcoin (BTC) and Ethereum (ETH), which are significantly harder to trace and freeze compared to tokens on their native chain. The total value of the drained assets reached approximately $4.4 million before the exploit was identified and the relevant bridge functions were paused. This sequence highlights a critical two-stage threat: first, the exploitation of minting authority, and second, the rapid obfuscation of funds through cross-chain conversion. Attack Vector: Smart contract vulnerability on the ioTube bridge. Action: Unauthorized minting of 410 million CIOTX. Monetization: Conversion to $4.4M in BTC and ETH. Response: Bridge pause and public bounty offer. The Strategic Calculus Behind the Crypto Bounty Offer IoTeX’s decision to offer a 10% bounty, or “white hat” reward, follows a precedent set by other major DeFi protocols like Poly Network and Cream Finance. This strategy is a pragmatic risk-management calculation rather than an admission of defeat. By offering $440,000 for the return of the remaining $4 million, the project aims to recover a majority of user funds while treating the incident as a costly security audit. The strict 48-hour deadline applies pressure, suggesting the team may be pursuing alternative tracking methods or legal avenues that could become viable after that period. From a cybersecurity perspective, bounty offers serve multiple purposes. Firstly, they create a direct financial incentive for the attacker to cooperate, transforming a purely adversarial relationship into a potentially negotiable one. Secondly, such public offers demonstrate proactive governance to the project’s community and token holders, which can help maintain trust during a crisis. However, experts consistently warn that this approach can also incentivize future attacks if hackers perceive a reliable “profit-sharing” escape route. Expert Insight: Bridge Security as DeFi’s Achilles’ Heel Blockchain security analysts have long identified cross-chain bridges as a primary attack surface. These protocols hold immense value locked in smart contracts to facilitate asset transfers, making them high-value targets. The complexity of verifying transactions and states across two distinct, asynchronous blockchains inherently expands the potential for logical flaws. According to annual reports from major security firms like CertiK and Halborn, bridge exploits accounted for nearly 70% of all major crypto thefts in 2024, with losses exceeding $2 billion. The IoTeX incident fits a familiar pattern where economic incentives for interoperability outpace security validation. Each bridge employs unique trust assumptions—ranging from multi-party signatures to light clients—and a vulnerability in any component can lead to catastrophic failure. This event will likely accelerate ongoing industry efforts toward standardizing bridge security frameworks and implementing more robust, time-locked upgrade mechanisms to prevent instant exploitation. Broader Impact and the Evolving DeFi Security Landscape The immediate aftermath of the hack saw a predictable yet contained market reaction. The IOTX token price experienced volatility but did not collapse, indicating that market participants may have priced in both the exploit and the potential for partial recovery via the bounty. Nevertheless, the event triggers a renewed evaluation of risk for all cross-chain assets. Investors and liquidity providers are now compelled to scrutinize the specific security models and audit histories of the bridges they use, beyond just the underlying blockchain’s security. Furthermore, this incident places regulatory scrutiny squarely on cross-chain activities. Global financial watchdogs, including the U.S. Securities and Exchange Commission and the Financial Action Task Force (FATF), have increasingly focused on how cross-chain transactions complicate anti-money laundering (AML) and capital controls. The hacker’s conversion to BTC and ETH exemplifies the tracing challenges regulators aim to address. Consequently, future bridge designs may need to incorporate more sophisticated on-chain monitoring and compliance tools by default. Recent Major Cross-Chain Bridge Exploits (2023-2025) Protocol Date Approx. Loss Primary Cause Resolution Poly Network 2023 $10M Smart Contract Logic Full bounty return Wormhole 2024 $325M Signature Verification VC-backed replenishment Ronin Bridge 2023 $625M Compromised Validator Keys Government investigation IoTeX (ioTube) 2025 $4.4M Unauthorized Minting 10% Bounty Offered Conclusion The IoTeX hack and the subsequent $440,000 bounty offer illuminate the ongoing tension between innovation and security in the decentralized finance sector. This incident serves as a potent reminder that cross-chain bridge technology, while essential for a multi-chain ecosystem, remains a work in progress with significant associated risks. The outcome of this bounty negotiation will set an important precedent for how DeFi projects manage post-exploit crises. Ultimately, the security of the entire interconnected blockchain landscape depends on learning from each breach, rigorously stress-testing bridge assumptions, and developing more resilient, transparent, and accountable interoperability solutions. FAQs Q1: What exactly was hacked in the IoTeX incident? The exploit targeted the ioTube cross-chain bridge, a protocol that allows assets to move between the IoTeX blockchain and others. A vulnerability allowed the hacker to mint 410 million CIOTX tokens without proper authorization or collateral. Q2: Why would IoTeX offer the hacker a bounty instead of just pursuing them? Offering a bounty is a pragmatic strategy to recover user funds. Tracking and legally prosecuting anonymous blockchain hackers is often slow, difficult, and uncertain. The bounty creates a direct financial incentive for the return of most of the assets, turning a total loss into a partial recovery. Q3: What are CIOTX tokens? CIOTX is a cross-chain wrapped version of the native IOTX token. It is minted when IOTX is locked on the IoTeX chain to represent that value on another chain (like Ethereum), enabling it to be used in DeFi applications there. The hacker minted these tokens illegitimately. Q4: How does this hack affect the average IOTX holder or user? If you were not directly providing liquidity to the ioTube bridge, your personal wallet funds are safe. However, such exploits can cause short-term price volatility for the IOTX token and may temporarily shake confidence in the ecosystem’s infrastructure. Q5: What makes cross-chain bridges so vulnerable to attacks? Bridges are complex smart contracts that must securely lock assets on one chain and mint representations on another. This process involves managing immense value and verifying information across two separate systems, creating a large “attack surface” with potential for logical flaws, code bugs, or governance failures. This post IoTeX Hack: Urgent $440K Bounty Offer Reveals Critical Cross-Chain Bridge Vulnerability first appeared on BitcoinWorld .

Upbit flagged IoTeX after a key exploit; deposits paused pending DAXA review. Upbit caution list, IoTeX private key exploit, IOTX deposit suspension per notice. Read original article on coinlineup.com

BitcoinWorld IoTeX Delisting Shocker: Upbit and Bithumb Place IOTX on Watchlist After Security Breach In a significant development for the Asian cryptocurrency market, South Korean exchanges Upbit and Bithumb have placed the IoTeX (IOTX) token on their delisting watchlists. This decisive action, announced in Seoul, South Korea, follows the confirmation of a security incident involving the IoTeX network or its associated infrastructure. Consequently, the move highlights the increasing regulatory and operational scrutiny applied to digital assets by major trading platforms. Furthermore, it underscores the critical importance of security and transparency within the blockchain ecosystem for maintaining exchange listing status. IoTeX Delisting Watchlist: The Core Announcement Upbit and Bithumb, two of South Korea’s largest and most influential cryptocurrency exchanges, made separate but coordinated announcements regarding IoTeX. Specifically, they designated IOTX for their respective “Investment Warning” or “Delisting Watchlist” categories. Bithumb provided explicit criteria for this designation, linking it directly to a confirmed security incident. According to the exchange’s policy, such incidents include hacks or breaches where the cause remains unconfirmed or unaddressed by the project team. Moreover, the incident must affect the virtual asset itself, a wallet managed by its issuer, or the underlying distributed ledger technology. This policy framework demonstrates a proactive approach to risk management, prioritizing user asset protection above all else. The watchlist status serves as a formal warning to investors. Typically, it initiates a review period where the project team must address the exchange’s concerns. Failure to provide satisfactory explanations or remediation can lead to full delisting. Therefore, this process creates substantial uncertainty for IOTX holders on these platforms, often triggering immediate market volatility. For context, South Korean exchanges have historically maintained stringent listing standards, often more rigorous than their global counterparts. This rigor stems from the country’s specific regulatory environment and a strong emphasis on investor protection following past market upheavals. Understanding the Security Incident Framework Exchanges like Upbit and Bithumb employ detailed internal criteria to evaluate project health and security. The cited reason for IoTeX’s watchlisting fits a common pattern observed in previous delistings. Security incidents are categorized by their scope and the response from the issuing team. A delayed, opaque, or ineffective response typically triggers the most severe actions from an exchange. For instance, the integrity of the distributed ledger—the blockchain itself—is paramount. Any compromise here represents a fundamental threat to the asset’s viability. To clarify the types of incidents, here is a brief comparison: Incident Type Potential Impact Typical Exchange Response Smart Contract Exploit Direct loss of user funds locked in contracts. Immediate suspension, watchlist, or delisting. Issuer Wallet Hack Loss of treasury or team funds, potential sell pressure. Watchlist pending explanation and proof of funds. Network Consensus Failure Chain halt or reorganization, undermining trust. Likely delisting if not resolved swiftly. While the specific details of the IoTeX incident were not fully disclosed in the initial announcements, Bithumb’s statement strongly suggests it falls into one of these serious categories. The exchange’s reference to an “unaddressed cause” indicates that the IoTeX team’s communication or remedial actions did not meet the required standard. This procedural aspect is as critical as the incident itself, demonstrating that exchanges now demand full accountability and transparency from listed projects. Expert Analysis on Exchange Risk Management Industry analysts note that such watchlisting decisions are not taken lightly. Exchanges conduct thorough technical and operational reviews before making public announcements. The primary goal is to mitigate systemic risk and protect their user base from assets that may become illiquid or worthless. A delisting from a major exchange like Upbit or Bithumb can severely impact a token’s liquidity, accessibility, and overall market perception. Historically, similar actions have led to double-digit percentage price declines for the affected asset in the short term. However, they also serve a vital market hygiene function, removing vulnerable projects and incentivizing higher security standards across the industry. The timing of this action is also noteworthy. Global regulatory bodies are increasing pressure on exchanges to enhance their due diligence processes. South Korea, in particular, has implemented strict regulations under the Travel Rule and through financial authorities like the Financial Services Commission (FSC). Exchanges now face significant liability for listing assets that later cause investor losses due to preventable issues like security failures. Therefore, preemptive actions like watchlisting are a strategic necessity for compliant exchanges operating in 2025. Potential Impacts on the IoTeX Ecosystem The immediate consequence of the watchlist designation is market volatility. Trading volumes for IOTX on the affected exchanges may fluctuate wildly as investors react to the news. Typically, a token placed on watchlist sees increased selling pressure due to the risk of future delisting. Beyond price action, the reputation of the IoTeX project faces a serious test. The core team must now engage transparently with the exchanges and the broader community to explain the incident and their mitigation steps. Their response will be scrutinized by other global exchanges, which may consider similar actions. The long-term effects depend on several factors: Project Response: A swift, technical, and transparent post-mortem from the IoTeX team can rebuild trust. Exchange Verdict: The final decision by Upbit and Bithumb after their review period. Community Support: Whether developers and users continue to build and use the IoTeX network. Regulatory Attention: Whether financial authorities take additional note of the incident. For the broader cryptocurrency market, this event reinforces key lessons. First, exchange listings are conditional privileges, not permanent rights. Second, robust security practices and immediate crisis communication are non-negotiable for blockchain projects. Finally, investors must be aware of the specific policies of the exchanges they use, as these directly affect asset risk. Conclusion The placement of IoTeX (IOTX) on the delisting watchlists of Upbit and Bithumb marks a pivotal moment emphasizing the critical intersection of security, compliance, and market integrity. This action, driven by a confirmed but unspecified security incident, follows established exchange protocols designed to protect investors. The coming weeks will determine whether the IoTeX project can adequately address the concerns raised, potentially avoiding a full delisting. Ultimately, this event serves as a stark reminder to all market participants that in the evolving landscape of 2025, operational resilience and transparent communication are paramount for sustaining exchange support and community trust. FAQs Q1: What does being on a “delisting watchlist” mean for IoTeX (IOTX)? It means the exchange has identified a serious issue, like a security breach, and is giving the IoTeX team a review period to address it. Failure to do so satisfactorily will likely result in the permanent removal of IOTX trading pairs from the exchange. Q2: Can I still trade IOTX on Upbit and Bithumb? Typically, yes, trading continues during the watchlist period. However, the exchange may add warning labels, and users should be aware of high volatility and the risk of trading being suspended if delisting occurs. Q3: What kind of security incident would cause this action? Exchanges cite incidents affecting the asset’s blockchain, smart contracts, or official project wallets. The key factor is often an “unaddressed cause,” meaning the project has not sufficiently explained or fixed the problem. Q4: How does this affect IOTX holders on other exchanges? While the token remains listed elsewhere, the news can negatively impact its global price and reputation. Other exchanges may monitor the situation and could initiate their own reviews. Q5: What should the IoTeX team do now? The team should immediately publish a detailed, transparent report on the security incident, outline concrete steps taken to resolve it, and proactively communicate with all listing exchanges to reassure them of the network’s stability. This post IoTeX Delisting Shocker: Upbit and Bithumb Place IOTX on Watchlist After Security Breach first appeared on BitcoinWorld .

Daily Market Wrap | Feb. 23

Bitdeer's Bitcoin holdings hit zero as of Feb. 20, 2026, after liquidating ~2,000 BTC in eight weeks to fund its AI and chip pivot.

IoTeX reported containing a hack with losses around $2 million, disputing on-chain analyst estimates placing the theft at $4.3 million. The blockchain platform stated it coordinated with exchanges and law enforcement to freeze stolen funds following what it called a…

IoTeX wallet breach: $4.3M stolen: USDC, USDT, IOTX, WBTC converted to ETH, bridged to BTC. Price dropped %6.26, RSI 29.66 oversold. Team tracking funds. Supports: $0.0046-$0.0049. Updates soon. (9...

BitcoinWorld IoTeX Security Alert: Upbit, Bithumb, Coinone Halt IOTX Transactions Amid Critical Investigation SEOUL, South Korea – March 2025: Three of South Korea’s largest cryptocurrency exchanges have simultaneously suspended all IoTeX (IOTX) deposit and withdrawal services. Upbit, Bithumb, and Coinone announced this precautionary measure following indications of a potential security incident within the IoTeX ecosystem. Consequently, traders cannot move IOTX tokens on or off these platforms until further notice. This coordinated action highlights the exchanges’ commitment to user asset protection above all else. IoTeX Transactions Halted Across Major Korean Exchanges The announcements from Upbit, Bithumb, and Coinone arrived within hours of each other. Each exchange cited nearly identical reasons for the suspension. They referenced a need to investigate potential vulnerabilities and ensure the complete stability of the IOTX network’s deposit and withdrawal functions. Market analysts immediately noted the unusual coordination between these typically competitive platforms. This suggests they received similar alerts from either the IoTeX Foundation or their internal security monitoring systems. Furthermore, the suspension affects only the movement of IOTX tokens. Spot trading of IOTX against Korean Won (KRW) and other cryptocurrencies continues normally on all three exchanges. This distinction is crucial. It indicates the exchanges are targeting a specific technical risk in the token’s transfer mechanism rather than a broader issue with the asset itself. The Financial Services Commission (FSC) of South Korea monitors such exchange actions closely, especially given the nation’s strict digital asset regulations. Understanding the IoTeX Project and Its Security Framework IoTeX is a decentralized platform aiming to power the Internet of Trusted Things. It combines blockchain technology with secure hardware to create a trusted environment for data and devices. The project’s native token, IOTX, facilitates network operations, governance, and payments. IoTeX employs a Roll-DPoS (Roll-Delegated Proof of Stake) consensus mechanism and has pioneered hardware like the “Pebble” tracker to bridge physical data to the blockchain. Core Technology: A layered architecture with a root chain managing consensus and multiple sub-chains for specific applications. Security Focus: The project emphasizes “trusted computing” via hardware enclaves to protect data integrity at the source. Exchange Integration: For an exchange to support IOTX deposits/withdrawals, it must run and maintain a secure node that interacts with the IoTeX mainnet. Therefore, a suspension typically points to a concern at the node or network protocol level. It could involve a suspected bug, a potential exploit vector in smart contracts, or anomalous on-chain activity. Historical precedent shows exchanges often take this step when unusual transaction patterns or smart contract vulnerabilities are reported by security firms like CertiK or SlowMist. Expert Analysis on Exchange Risk Mitigation Protocols Industry experts view this coordinated halt as a sign of matured risk management. “This is standard operating procedure for top-tier exchanges,” explains a blockchain security consultant who has worked with Asian exchanges. “When a potential threat is identified, the immediate priority is to prevent any possible loss of user funds. Isolating the asset’s transfer function is the most effective first response.” The consultant further notes that South Korean exchanges operate under particularly stringent guidelines from the Korea Internet & Security Agency (KISA). These protocols mandate rapid action upon receiving any credible threat intelligence. The exchanges will now conduct a technical audit. They will verify the integrity of the IoTeX network’s transaction finality and the security of their own node configurations. This process involves collaboration with the IoTeX development team to diagnose any issue. Only after confirming the network’s stability and patching any vulnerabilities will services resume. Past incidents with other tokens show this process can take from 24 hours to several days. Immediate Market Impact and Trader Response The market reaction to the news was measured but noticeable. The price of IOTX experienced a short-term decline of approximately 8-12% across global exchanges following the announcements. However, trading volume on the affected Korean exchanges remained active. This suggests traders were adjusting positions rather than engaging in panic selling. The continued availability of spot trading provided a crucial pressure valve, allowing price discovery to continue. Initial Market Reaction to IOTX Suspension Announcement Exchange Action Time to Announcement Spot Trading Status Upbit Suspended deposits/withdrawals ~1 hour after internal alert Active Bithumb Suspended deposits/withdrawals ~1.5 hours after internal alert Active Coinone Suspended deposits/withdrawals ~2 hours after internal alert Active Social media sentiment, particularly on Korean platforms like Naver Cafe and global forums like Reddit, showed concern but also understanding. Many users praised the exchanges for proactive communication and erring on the side of caution. The clear, factual announcements helped prevent the spread of misinformation. This event serves as a real-world case study in how transparent communication from exchanges can stabilize community sentiment during potential crises. Regulatory Context and the South Korean Crypto Landscape South Korea maintains one of the world’s most comprehensive regulatory frameworks for cryptocurrency exchanges. The Specific Financial Information Act requires strict know-your-customer (KYC) and anti-money laundering (AML) compliance. Exchanges must also partner with commercial banks for real-name verification accounts. Moreover, they must obtain Information Security Management System (ISMS) certification. This regulatory environment demands high operational standards, including robust incident response plans. The simultaneous action by Upbit, Bithumb, and Coinone likely reflects a shared commitment to these standards. It also demonstrates the effectiveness of industry information-sharing channels that have developed under regulatory oversight. While the exchanges compete for market share, they cooperate on security threats that could undermine public trust in the entire sector. This balance between competition and collaboration is a defining feature of South Korea’s mature crypto market. The Path to Service Restoration Restoring IOTX services requires a multi-step verification process. First, the IoTeX core development team must investigate the flagged incident. They will analyze blockchain data, smart contract interactions, and node logs. Next, they will issue a public report or direct communication to exchange partners confirming the issue’s resolution. Subsequently, each exchange’s engineering team will test the updated network or patches on their own staging environments. Finally, the exchanges will coordinate to re-enable services, often with a block height update or node software upgrade. They typically provide users with at least several hours’ notice before resuming deposits and withdrawals. This entire protocol prioritizes security over speed, ensuring no residual risk remains before users’ assets are put in motion again. Conclusion The temporary suspension of IoTeX deposits and withdrawals by Upbit, Bithumb, and Coinone represents a prudent security measure, not a condemnation of the project. It highlights the sophisticated risk management protocols now standard among leading exchanges, particularly in strictly regulated markets like South Korea. This incident underscores the critical importance of security in blockchain networks and the collaborative relationship between projects and trading platforms. The focus remains on protecting user assets, and services will resume only after a thorough confirmation of network stability. The market’s measured response demonstrates growing maturity among participants who understand these necessary safeguards. FAQs Q1: Can I still buy or sell IOTX on Upbit, Bithumb, or Coinone? A1: Yes. The suspension applies only to depositing IOTX into your exchange wallet from an external source or withdrawing it out to another wallet. Spot trading (buying and selling IOTX for KRW or other cryptocurrencies) continues normally on all three platforms. Q2: What triggered this suspension? A2: The exchanges cited a “potential security incident” related to the IoTeX project. While details are under investigation, this typically means their security teams detected anomalous network activity, a potential smart contract vulnerability, or received credible threat intelligence that warranted a precautionary halt. Q3: How long will the IOTX deposit/withdrawal services be suspended? A3: There is no official timeline. Services will remain suspended until the exchanges, in consultation with the IoTeX development team, can fully confirm the stability and security of the network’s transfer functions. This could take from a day to over a week, depending on the issue’s complexity. Q4: Is my IOTX safe on these exchanges during the suspension? A4: According to the exchanges’ announcements, all user assets remain secure in their custody. The suspension is a preventative measure to stop the movement of tokens while a potential external network issue is investigated. It does not indicate a breach of the exchanges’ own systems. Q5: Have other global exchanges suspended IOTX trading? A5: As of the initial announcements, the suspension appears specific to the three major South Korean exchanges (Upbit, Bithumb, Coinone). Other global exchanges have not announced similar halts, but they are likely monitoring the situation closely and conducting their own reviews. This post IoTeX Security Alert: Upbit, Bithumb, Coinone Halt IOTX Transactions Amid Critical Investigation first appeared on BitcoinWorld .