Summary
IoTeX is a Layer 1 blockchain and DePIN (Decentralized Physical Infrastructure Network) platform founded in 2017 by Raullen Chai, Qevan Guo, Jing Sun, and Xinxin Fan, with its native IOTX token launched via ICO in 2018. In February 2026 the project suffered a significant security incident when a compromised private key on the Ethereum side of its ioTube cross-chain bridge allowed an attacker to drain approximately $4.3–$4.4 million in assets and mint 410 million unauthorized CIOTX tokens, with total estimated damages disputed between $4.4 million (official) and $8.8 million (PeckShield). Additional concerns include a prior market-maker-linked near-zero price anomaly on Binance in October 2025, governance centralization risks from its 36-delegate Roll-DPoS consensus model, and on-chain analyst reports alleging the attacker's wallet was funded by the same entity behind the $49 million Infini Finance hack of 2025.
Connected Entities
1 entities- + 3 more
Timeline(15 events)
2017-01-01
IoTeX founded by Raullen Chai, Qevan Guo, Jing Sun, and Xinxin Fan with a focus on IoT blockchain infrastructure.
2018-05-25
IoTeX Token Generation Event (TGE) concludes; project raises approximately $70.52 million across five funding rounds.
2025-02-01
Infini Finance suffers $49 million exploit; on-chain analysts later allege the IoTeX attacker's funding wallet traces back to this incident.
2025-09-29
SEC Division of Corporation Finance issues no-action letter for DoubleZero's 2Z DePIN token, which IoTeX cites as validating its DePIN infrastructure strategy.
2025-10-10
IOTX displays near-zero '0.0000' price on Binance; subsequently attributed to a UI display bug and third-party market maker malfunction. IoTeX announces token buyback program.
2026-02-20
IoTeX ioTube bridge exploit begins: a compromised validator owner private key on Ethereum grants attacker administrative control over bridge contracts.
2026-02-21
On-chain analyst Specter publicly flags the IoTeX private key compromise at approximately 4:20 a.m. EST. Approximately $4.3 million in tokens drained from TokenSafe; up to 410 million CIOTX tokens minted without authorization. IOTX price falls ~22%.
2026-02-21
IoTeX validators coordinate to pause ioTube bridge; IoTeX halts its Layer 1 chain to freeze attacker addresses.
2026-02-22
IoTeX co-founder Raullen Chai publicly confirms the exploit, stating officially acknowledged losses of approximately $2 million (later revised to $4.4 million). A 10% white-hat bounty (~$440,000) offered for return of funds within 48 hours.
2026-02-22
Upbit, Bithumb, and Coinone suspend IOTX deposits and withdrawals; place token on investor protection watchlists.
2026-02-23
PeckShield estimates total damages above $8 million including value of minted tokens. IoTeX disputes figure, citing $4.4 million as confirmed loss.
2026-03-01
IoTeX publishes IIP-56 proposing full deprecation of CIOTX across all networks and a claims-based 1:1 redemption process for affected holders.
2026-03-12
IIP-56 governance proposal vote concludes.
2026-03-15
Upbit and Bithumb remove IOTX from investor protection watchlists following IoTeX security remediation and audit completion.
2026-03-20
Binance reopens IOTX trading; token briefly recovers approximately 29%.
Decision Log
- hash: 5abydgPEks6NbNyQ3Q7SNpFWdLTkYqmJKg1knwWt7oAZ
This investigation is cryptographically anchored to the Solana blockchain and source URLs are archived via the Internet Archive.
model: claude-sonnet-4-6
generated: 5/4/2026, 2:54:13 AM
last updated: 5/26/2026, 7:24:53 PM
avoid.net — verified advice for a post-truth world