TL;DR:
- IoTeX committed to providing 100% compensation to those affected by the ioTube Bridge hack, using treasury funds.
- The scheme divides users into two tiers: losses up to $10,000 will receive immediate payment; those above will be distributed over 12 months with a 10% bonus.
- 100% of the stolen funds were traced: 66.78 BTC identified across four Bitcoin addresses and monitored in real time.
IoTeX announced a full compensation plan for all users affected by the ioTube bridge exploit that occurred on February 21, which drained approximately $4.4 million in assets from the reserve. The Foundation confirmed it will use its own treasury funds to cover the losses, regardless of whether it manages to recover the assets stolen by the attacker.
The announcement was made through the third official incident report, published days after the IoTeX mainnet resumed operations on February 24, following two days of security updates that included the deployment of Mainnet version v2.3.4.
IoTeX Will Implement a Tiered Compensation System
The Foundation structured the plan into two categories. Tier 1 covers losses of up to $10,000 and represents more than 90% of affected users, who will receive an immediate reimbursement in stablecoins or native assets from Ethereum.
Tier 2 applies to losses exceeding $10,000: the first $10,000 is paid immediately and the remaining balance is distributed in quarterly installments over 12 months, with an additional 10% bonus in annually staked IOTX, guaranteeing a recovery of 110% of the original value. The claims portal and the official deposit address were scheduled for Friday, February 27.
Fund Tracing and Protocol Fortification
The IoTeX team also developed ioTrace, a real-time tracking tool that made it possible to map the movement of stolen funds across multiple chains. According to the reports, the attacker converted the assets into approximately 2,183 ETH and then moved them to Bitcoin through THORChain, accumulating 66.78 BTC spread across four addresses now under permanent monitoring.
The security update blocked at the protocol level the 29 identified attacker addresses and froze approximately 45 million IOTX tokens. The Foundation also is working with more than 20 exchanges and filed formal reports with the FBI.
In the long term, IoTeX will implement IIP-55, a governance protocol that will transfer bridge operations to a decentralized committee of validators, thereby eliminating the central point of failure that enabled the attack. Multi-signature controls, time locks, independent audits and a bug bounty program will also be incorporated.
