Stablecoin Bank Infini Hit by $49.5M Exploit, Founder Vows Full Repayment

Last updated:

Author

Jai Pratap

Author

Jai Pratap

About Author

Jai serves as the Asia Desk Editor for Cryptonews.com, where he leads a diverse team of international reporters. Jai has over five years of experience covering the web3 industry.

Last updated:

Why Trust Cryptonews

Cryptonews has covered the cryptocurrency industry topics since 2017, aiming to provide informative insights to our readers. Our journalists and analysts have extensive experience in market analysis and blockchain technologies. We strive to maintain high editorial standards, focusing on factual accuracy and balanced reporting across all areas – from cryptocurrencies and blockchain projects to industry events, products, and technological developments. Our ongoing presence in the industry reflects our commitment to delivering relevant information in the evolving world of digital assets. Read more about Cryptonews

Stablecoin Bank Infini Hit by $49.5M Exploit Days After Bybit Hack

Following the $1.4 billion Bybit hack on Friday, Hong Kong-based stablecoin digital bank Infini suffered a security breach, losing nearly $50 million in USDC. Initial reports suggest that the hacker used private keys to steal $49.5 million in USDC, swapped it for DAI, then converted it to ETH via the crypto mixer Tornado Cash, and deposited it into a new address, according to PeckShield.

The hacker exploited a single private key to drain funds from the platform’s vault. According to Etherscan, the attacker stole a total of $49.5 million in two batches, 11,455,666 USDC and 38,060,996 USDC.

The attacker was originally involved in developing the contract for the Infini project. However, after delivering the project, they secretly retained admin rights. More than 100 days later, the attacker funded their address through Tornado Cash, sent a small ETH transaction for gas, and exploited the contract—draining all funds from the platform.

Infini Founder Promises Full Compensation

Infini founder Christian Li responded to the hack, assuring users that the team is actively investigating and tracking the incident. He confirmed that user withdrawals remain unaffected and emphasized that, even in the worst-case scenario, full compensation will be provided. “Users can rest assured,” Christian stated, reaffirming the platform’s commitment to resolving the situation.

Christian also reported that s​​uspected hacker’s computer was located and reported to the police. He added,” My personal private key has not been leaked, so there is no need to worry too much. I was negligent when transferring the authority before. It is ultimately my responsibility. This has sounded the alarm.”

You May Also Like