IoTeX Foundation announces a comprehensive compensation plan for the ioTube cross-chain bridge security incident, pledging full refunds to all users holding USDC, USDT, ETH, or WBTC bridged from Ethereum at the time of the incident. The official recovery address and Claims Portal will go live on February 27. Users with losses under $10,000 can claim a full immediate reimbursement.
Two-tier Compensation Structure: Over 90% of Users Fully Reimbursed Immediately
(Source: IoTeX)
IoTeX Foundation has designed a clear layered compensation mechanism to ensure users with varying levels of losses are fully protected.
First Tier (Immediate Full Refund): Users with affected balances of $10,000 (USD equivalent) or less can claim their full loss immediately after the Claims Portal launches, paid in stablecoins or native Ethereum assets, covering over 90% of affected users.
Second Tier (Installment with Bonus): Users with affected balances exceeding $10,000 will receive the first $10,000 immediately after the Claims Portal launches; the remaining amount will be paid in four quarterly installments over 12 months, plus an additional 10% IOTX token compensation (with a 12-month staking period), ultimately totaling 110% of the affected value.
Five Steps to File a Claim on the Claims Portal
Step 1: On February 27, obtain the official address and Claims Portal link via IoTeX’s official website, Twitter/X, Discord, and Telegram. Do not trust any private messages.
Step 2: Transfer the affected bridging assets from your IoTeX wallet to the recovery address in a single transaction per asset. Splitting into multiple wallets disqualifies you.
Step 3: After on-chain transfer confirmation, submit your wallet address, asset type and amount, deposit transaction hash, and contact info through the Claims Portal.
Step 4: IoTeX Foundation verifies on-chain data and completes the compensation distribution on the Ethereum blockchain.
Step 5: The Foundation will regularly publish recovery reports detailing the number of claims, amounts processed, and remaining liabilities.
Funds Tracking Progress: 86% of Stolen CIOTX Frozen, BTC Addresses Under Continuous Monitoring
Since the incident, IoTeX Foundation has been actively tracking stolen funds and making progress. Over 86% of the 410 million CIOTX unauthorizedly minted by the attacker have been permanently locked via mainnet v2.3.4 chain-level controls. 12.8% have been traced to Binance and effectively frozen. Only about 0.4% (1.7 million CIOTX) have been moved through decentralized exchanges (DEX), which still poses risks.
The attacker has converted approximately 2,183 ETH from the bridge reserves, with about 1,572 ETH bridged via THORChain to the Bitcoin network. Four Bitcoin addresses holding a total of 66.78 BTC are under 24/7 surveillance, and these funds have not yet been moved.
The Foundation has submitted formal reports to the FBI and global law enforcement partners, and publicly announced a 10% white-hat bounty on-chain by February 25. The Foundation states that after the deadline, all legal, technical, and investigative measures will be initiated, and an independent security audit of all bridging infrastructure will be conducted and made public.
Frequently Asked Questions
Who is eligible for compensation in the IoTeX ioTube hacking incident?
Wallet owners holding legitimate bridged assets (USDC, USDT, ETH, WBTC) on the IoTeX chain at the time of the incident are eligible for full compensation. Addresses associated with the attacker, involved in exploiting the vulnerability for arbitrage, or identified by security partners as involved in the attack are not eligible.
How to apply for compensation for the IoTeX ioTube hacking incident?
Users should, after the Claims Portal launches on February 27, transfer their affected bridged assets in a single transaction to the official recovery address (one transaction per asset, no splitting). Then, submit a claim through the Claims Portal. Verify addresses and links through at least two official IoTeX channels to prevent phishing scams.
Is the IoTeX L1 mainnet affected by this incident?
IoTeX L1 blockchain remains unaffected and secure. The attack only impacted the ioTube bridging infrastructure. The security and integrity of the IoTeX core network are intact. The Foundation also commits to conducting independent security audits of all bridging infrastructure and publishing the results.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Circle completes $68 million in internal settlements among 8 entities using USDC within the first month
Circle CEO Jeremy Allaire revealed that Circle has completed internal entity transfers using USDC through the Circle Mint platform, transferring over $68 million in the first month, with significantly higher efficiency than traditional bank wire transfers. The platform will launch a fund management update in March to optimize account transfers and integrate with accounting system APIs.
GateNews3m ago
OpenSea introduces the Skill feature, enabling AI agents to query NFT data
Gate News Report, March 7th, OpenSea launched the Skill feature for AI agents. Users can query information such as NFTs, listings, and transactions through the terminal, or install it as a Skill to access OpenSea's on-chain data. This feature aims to provide AI agents with more powerful data access capabilities.
GateNews12m ago
Claude Code desktop version introduces local scheduled task feature
Gate News Announcement, March 7th, Claude Code core member Thariq tweeted that the desktop version of Claude Code has launched a local scheduled task feature. Users can create scheduled tasks and set them to run periodically; as long as the computer is awake, these tasks will continue to execute.
GateNews12m ago
Renaiss releases BETA 2.0 roadmap, launches AI sub-brand Auranaiss Intelligence, and kicks off the Hackathon
Renaiss Protocol released the BETA 2.0 roadmap on March 7th, announcing a comprehensive upgrade, the launch of the AI Laboratory Auranaiss Intelligence, and open-source capability modules. A Hackathon will be held in April to attract developers. The first ecosystem project, What's Your References, has begun testing, and a co-branded card pack has been launched in collaboration with Collector Crypt. Currently, it has accumulated 220,000 users and $4 million in trading volume.
GateNews2h ago
Shiba Inu Community Update: New ShibClaw Skill Launches With Warning Issued - U.Today
The ShibClaw skill aims to enhance the Shiba Inu ecosystem by introducing AI agents that automate tasks on the Shibarium blockchain. It emphasizes community collaboration and includes important tools for network interactions, while urging users to remain cautious against scams.
UToday3h ago
