IoTeX Foundation announces a comprehensive compensation plan for the ioTube cross-chain bridge security incident, pledging full refunds to all users holding USDC, USDT, ETH, or WBTC bridged from Ethereum at the time of the incident. The official recovery address and Claims Portal will go live on February 27. Users with losses under $10,000 can claim a full immediate reimbursement.
Two-tier Compensation Structure: Over 90% of Users Fully Reimbursed Immediately
(Source: IoTeX)
IoTeX Foundation has designed a clear layered compensation mechanism to ensure users with varying levels of losses are fully protected.
First Tier (Immediate Full Refund): Users with affected balances of $10,000 (USD equivalent) or less can claim their full loss immediately after the Claims Portal launches, paid in stablecoins or native Ethereum assets, covering over 90% of affected users.
Second Tier (Installment with Bonus): Users with affected balances exceeding $10,000 will receive the first $10,000 immediately after the Claims Portal launches; the remaining amount will be paid in four quarterly installments over 12 months, plus an additional 10% IOTX token compensation (with a 12-month staking period), ultimately totaling 110% of the affected value.
Five Steps to File a Claim on the Claims Portal
Step 1: On February 27, obtain the official address and Claims Portal link via IoTeX’s official website, Twitter/X, Discord, and Telegram. Do not trust any private messages.
Step 2: Transfer the affected bridging assets from your IoTeX wallet to the recovery address in a single transaction per asset. Splitting into multiple wallets disqualifies you.
Step 3: After on-chain transfer confirmation, submit your wallet address, asset type and amount, deposit transaction hash, and contact info through the Claims Portal.
Step 4: IoTeX Foundation verifies on-chain data and completes the compensation distribution on the Ethereum blockchain.
Step 5: The Foundation will regularly publish recovery reports detailing the number of claims, amounts processed, and remaining liabilities.
Funds Tracking Progress: 86% of Stolen CIOTX Frozen, BTC Addresses Under Continuous Monitoring
Since the incident, IoTeX Foundation has been actively tracking stolen funds and making progress. Over 86% of the 410 million CIOTX unauthorizedly minted by the attacker have been permanently locked via mainnet v2.3.4 chain-level controls. 12.8% have been traced to Binance and effectively frozen. Only about 0.4% (1.7 million CIOTX) have been moved through decentralized exchanges (DEX), which still poses risks.
The attacker has converted approximately 2,183 ETH from the bridge reserves, with about 1,572 ETH bridged via THORChain to the Bitcoin network. Four Bitcoin addresses holding a total of 66.78 BTC are under 24/7 surveillance, and these funds have not yet been moved.
The Foundation has submitted formal reports to the FBI and global law enforcement partners, and publicly announced a 10% white-hat bounty on-chain by February 25. The Foundation states that after the deadline, all legal, technical, and investigative measures will be initiated, and an independent security audit of all bridging infrastructure will be conducted and made public.
Frequently Asked Questions
Who is eligible for compensation in the IoTeX ioTube hacking incident?
Wallet owners holding legitimate bridged assets (USDC, USDT, ETH, WBTC) on the IoTeX chain at the time of the incident are eligible for full compensation. Addresses associated with the attacker, involved in exploiting the vulnerability for arbitrage, or identified by security partners as involved in the attack are not eligible.
How to apply for compensation for the IoTeX ioTube hacking incident?
Users should, after the Claims Portal launches on February 27, transfer their affected bridged assets in a single transaction to the official recovery address (one transaction per asset, no splitting). Then, submit a claim through the Claims Portal. Verify addresses and links through at least two official IoTeX channels to prevent phishing scams.
Is the IoTeX L1 mainnet affected by this incident?
IoTeX L1 blockchain remains unaffected and secure. The attack only impacted the ioTube bridging infrastructure. The security and integrity of the IoTeX core network are intact. The Foundation also commits to conducting independent security audits of all bridging infrastructure and publishing the results.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Alibaba Cloud "Shadow JVS" renamed to "JVS Claw," opens invitation-only beta testing
Alibaba Cloud JVS Claw Team's OpenClaw application has been renamed to "JVS Claw." The product centers around a customizable Clawbot and supports various skills and custom features. Currently in closed beta, users need to apply for an invitation code. Each user can create one bot, with a free quota of 8000 Credits, valid for 14 days.
GateNews18m ago
Gondi initiates compensation after $230,000 vulnerability, recovers stolen NFTs and returns them to the original owner
NFT Lending Protocol Gondi Announces Compensation for Users Who Suffered Losses Due to Smart Contract Vulnerability, with Approximately 78 NFTs stolen, estimated at around $230,000. The vulnerability stemmed from a logical flaw in the "Sell & Repay" contract, allowing attackers to transfer NFTs without owning them. Gondi is currently compensating users through a three-pronged approach: contacting affected users, recovering stolen NFTs, and repurchasing similar items using the proceeds. Other platform functions have returned to normal.
MarketWhisper50m ago
Virtuals Protocol introduces the ERC-8183 standard to build an AI agent business layer
Virtuals Protocol launched the ERC-8183 standard on March 10th, aiming to build a business layer for AI agents. The standard includes the "Job" primitive and three-party roles, supporting state transitions and custom logic, providing a business foundation and reputation signals.
GateNews58m ago
Pudgy Penguins launches browser-based free game Pudgy World
Gate News Announcement, March 10, - Pudgy Penguins announced on the X platform that the browser-based free game Pudgy World is now live. Players can access the game without downloading, explore 12 unique towns in The Berg, help Pengu find Polly, and participate in mini-games. The official statement says this is an important step in expanding the Pudgy Penguins audience and universe.
GateNews1h ago
Vitalik proposes one-click staking mechanism, Ethereum Foundation invests 72,000 ETH
The Ethereum Foundation is using DVT-lite technology to stake approximately 72,000 ETH, aiming to reduce staking complexity and enhance decentralization. Vitalik Buterin advocates for simplifying operations so that non-professional institutions can easily participate in staking, emphasizing that reliance on professionals should be avoided. This move will help improve system resilience and transparency.
MarketWhisper1h ago
Zhipu Hong Kong stocks rose over 12% to HKD 648, officially launching the AutoClaw product today
Gate News Report, March 10th, Hong Kong stocks' Zhipu surged over 12%, currently trading at 648 HKD. Zhipu officially launched the AutoClaw (Chinese name: Ao Long) product on that day. After users download and install, they can deploy "Lobster" on their local computers to use the full-featured OpenClaw native capabilities. Currently, Zhipu offers a certain amount of free credits for users to experience Lobster's capabilities.
GateNews1h ago
