IoTeX (ioTube Bridge): Private key compromise → malicious contract upgrade → TokenSafe drain + MinterPool abuse
Summary #
IoTeX (ioTube Bridge) suffered a cross-chain bridge compromise on 2026-02-21, resulting in a loss of approximately $4M.
What happened #
IoTeX's ioTube bridge is administered through upgradeable contracts on Ethereum (TransferValidator, TokenSafe, MinterPool). A single externally owned account (EOA) held unchecked upgrade authority over them: no multisig, no timelock, no circuit breaker. Once that key was compromised, the attacker used it to call upgrade() on TransferValidator and install malicious logic, then drained TokenSafe and abused MinterPool. The upgrade() call was visible on-chain, but with a timelock of zero there was no window between the call and its effect in which anyone could have cancelled or paused it.
Linked factors #
- RD-F-007 — related : Bug bounty absent — baseline integrity gap [via dashboard_risk_factors/Bug bounty: Announced post-hack ($440K, 10% of stolen funds, 48h window — no response)]
- RD-F-027 — causal : ★ Single admin EOA (not multisig, not timelock) [via cross-hack: Factor 18: Single Admin Key With No On-Chain Delay]
- RD-F-032 — related : Timelock duration on upgrades = 0 [via cross-hack: Factor 18: Single Admin Key With No On-Chain Delay]
- RD-F-101 — illustrative : Large governance proposal queued — RT signal would have fired [via realtime_signals/Governance/admin action (Y/N): Y — upgrade() call on TransferValidator was the pivot point; observable on-chain]
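The causal factor above (RD-F-027: one EOA can upgrade immediately) and the realtime signal (RD-F-101: the upgrade() call was observable on-chain) point at the same missing control. The contract below is an added example written for this page, not ioTube's code: an upgrade gate that rejects an EOA as admin, forces every upgrade through a queue-then-wait-then-execute path, and gives a separate guardian a cancel and a one-way pause. The target's function name `upgrade(address)`, the 48-hour delay and all contract and event names are assumptions; the page does not give ioTube's actual signatures.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Minimal interface of the contract whose upgrade path is being guarded.
/// `upgrade(address)` is an assumed signature for this example.
interface IUpgradeable {
    function upgrade(address newImplementation) external;
}

/// Hypothetical upgrade gate (example code, not ioTube's). A leaked admin key now buys an
/// attacker a public, delayed proposal that a guardian can cancel, not an instant logic swap.
contract TimelockedUpgradeGate {
    uint256 public constant MIN_DELAY = 48 hours;   // assumed delay; pick per risk appetite

    address public immutable admin;     // must be a contract (e.g. a multisig); EOAs are rejected
    address public immutable guardian;  // separate key set: may cancel/pause, may never upgrade
    IUpgradeable public immutable target;

    bool public paused;                        // circuit breaker: blocks executeUpgrade
    mapping(bytes32 => uint256) public eta;    // proposal id => earliest execution time (0 = none)

    event UpgradeQueued(bytes32 indexed id, address indexed newImplementation, uint256 eta);
    event UpgradeExecuted(bytes32 indexed id, address indexed newImplementation);
    event UpgradeCancelled(bytes32 indexed id, address by);
    event Paused(address by);

    modifier onlyAdmin() { require(msg.sender == admin, "not admin"); _; }
    modifier onlyAdminOrGuardian() {
        require(msg.sender == admin || msg.sender == guardian, "not authorized");
        _;
    }

    constructor(address admin_, address guardian_, IUpgradeable target_) {
        // Refuse a plain EOA as admin. A contract still under construction also has no
        // code, so the multisig must be fully deployed before this gate is.
        require(admin_.code.length > 0, "admin must be a contract");
        require(guardian_ != address(0) && address(target_) != address(0), "zero address");
        admin = admin_;
        guardian = guardian_;
        target = target_;
    }

    /// The id binds the proposal to one implementation address, so what is executed is
    /// exactly what was announced.
    function proposalId(address newImplementation, bytes32 salt) public pure returns (bytes32) {
        return keccak256(abi.encode(newImplementation, salt));
    }

    /// Step 1: announce the upgrade on-chain. Nothing changes yet; the event is the
    /// monitoring signal.
    function queueUpgrade(address newImplementation, bytes32 salt)
        external onlyAdmin returns (bytes32 id)
    {
        require(newImplementation.code.length > 0, "implementation has no code");
        id = proposalId(newImplementation, salt);
        require(eta[id] == 0, "already queued");
        eta[id] = block.timestamp + MIN_DELAY;
        emit UpgradeQueued(id, newImplementation, eta[id]);
    }

    /// Step 2: only after the delay, and only while not paused, does the target change.
    function executeUpgrade(address newImplementation, bytes32 salt) external onlyAdmin {
        require(!paused, "paused");
        bytes32 id = proposalId(newImplementation, salt);
        uint256 readyAt = eta[id];
        require(readyAt != 0, "not queued");
        require(block.timestamp >= readyAt, "timelock not expired");
        delete eta[id];
        target.upgrade(newImplementation);
        emit UpgradeExecuted(id, newImplementation);
    }

    /// Either party can kill a proposal during the delay window.
    function cancelUpgrade(bytes32 id) external onlyAdminOrGuardian {
        require(eta[id] != 0, "not queued");
        delete eta[id];
        emit UpgradeCancelled(id, msg.sender);
    }

    /// Circuit breaker, deliberately one-way: a compromised admin key must not be able to
    /// unpause. Resuming needs a fresh deployment or a governance path that is itself
    /// timelocked, which this example leaves out.
    function pause() external onlyAdminOrGuardian {
        paused = true;
        emit Paused(msg.sender);
    }
}
```

Two points worth checking in any real deployment of this pattern: the guardian must be held by people other than the admin signers, or a single compromise still removes the cancel path; and the `UpgradeQueued` event (plus any direct call whose selector is a privileged function on the proxy or admin contract) is what an on-chain monitor of the kind described under RD-F-101 should alert on, because the 48-hour window is only useful if someone is watching it.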