IoTeX Bridge Hacked: 100% Compensation — Users with losses under $10,000 receive immediate reimbursement

IoTeX Foundation announces a comprehensive compensation plan for the ioTube cross-chain bridge security incident, pledging full refunds to all users holding USDC, USDT, ETH, or WBTC bridged from Ethereum at the time of the incident. The official recovery address and Claims Portal will go live on February 27. Users with losses under $10,000 can claim a full immediate reimbursement.

Two-tier Compensation Structure: Over 90% of Users Fully Reimbursed Immediately

(Source: IoTeX) IoTeX Foundation has designed a clear layered compensation mechanism to ensure users with varying levels of losses are fully protected.

First Tier (Immediate Full Refund): Users with affected balances of $10,000 (USD equivalent) or less can claim their full loss immediately after the Claims Portal launches, paid in stablecoins or native Ethereum assets, covering over 90% of affected users.

Second Tier (Installment with Bonus): Users with affected balances exceeding $10,000 will receive the first $10,000 immediately after the Claims Portal launches; the remaining amount will be paid in four quarterly installments over 12 months, plus an additional 10% IOTX token compensation (with a 12-month staking period), ultimately totaling 110% of the affected value.

Five Steps to File a Claim on the Claims Portal

Step 1: On February 27, obtain the official address and Claims Portal link via IoTeX’s official website, Twitter/X, Discord, and Telegram. Do not trust any private messages.

Step 2: Transfer the affected bridging assets from your IoTeX wallet to the recovery address in a single transaction per asset. Splitting into multiple wallets disqualifies you.

Step 3: After on-chain transfer confirmation, submit your wallet address, asset type and amount, deposit transaction hash, and contact info through the Claims Portal.

Step 4: IoTeX Foundation verifies on-chain data and completes the compensation distribution on the Ethereum blockchain.

Step 5: The Foundation will regularly publish recovery reports detailing the number of claims, amounts processed, and remaining liabilities.

Funds Tracking Progress: 86% of Stolen CIOTX Frozen, BTC Addresses Under Continuous Monitoring

Since the incident, IoTeX Foundation has been actively tracking stolen funds and making progress. Over 86% of the 410 million CIOTX unauthorizedly minted by the attacker have been permanently locked via mainnet v2.3.4 chain-level controls. 12.8% have been traced to Binance and effectively frozen. Only about 0.4% (1.7 million CIOTX) have been moved through decentralized exchanges (DEX), which still poses risks.

The attacker has converted approximately 2,183 ETH from the bridge reserves, with about 1,572 ETH bridged via THORChain to the Bitcoin network. Four Bitcoin addresses holding a total of 66.78 BTC are under 24/7 surveillance, and these funds have not yet been moved.

The Foundation has submitted formal reports to the FBI and global law enforcement partners, and publicly announced a 10% white-hat bounty on-chain by February 25. The Foundation states that after the deadline, all legal, technical, and investigative measures will be initiated, and an independent security audit of all bridging infrastructure will be conducted and made public.

Frequently Asked Questions

Who is eligible for compensation in the IoTeX ioTube hacking incident?

Wallet owners holding legitimate bridged assets (USDC, USDT, ETH, WBTC) on the IoTeX chain at the time of the incident are eligible for full compensation. Addresses associated with the attacker, involved in exploiting the vulnerability for arbitrage, or identified by security partners as involved in the attack are not eligible.

How to apply for compensation for the IoTeX ioTube hacking incident?

Users should, after the Claims Portal launches on February 27, transfer their affected bridged assets in a single transaction to the official recovery address (one transaction per asset, no splitting). Then, submit a claim through the Claims Portal. Verify addresses and links through at least two official IoTeX channels to prevent phishing scams.

Is the IoTeX L1 mainnet affected by this incident?

IoTeX L1 blockchain remains unaffected and secure. The attack only impacted the ioTube bridging infrastructure. The security and integrity of the IoTeX core network are intact. The Foundation also commits to conducting independent security audits of all bridging infrastructure and publishing the results.