Infini, a stablecoin payment firm, has suffered a $50 million exploit, with investigations pointing to a former developer who allegedly retained unauthorized administrative privileges after completing the project.
Blockchain security firm Cyvers uncovered the breach, revealing in an X post that the attacker maintained secret access to Infini’s smart contracts, allowing them to siphon off funds undetected.
According to Cyvers, the attacker initiated the exploit by funding a wallet with 1 Ether (ETH) from Tornado Cash, a cryptocurrency mixing service often associated with obscuring transaction trails. Using this wallet, they transferred approximately $49.52 million worth of USD Coin (USDC) from Infini through a smart contract they had created in November 2024.
To prevent fund recovery, the attacker swiftly converted the stolen USDC into Dai (DAI), a stablecoin without a freeze function. The funds were then exchanged for 17,696 ETH and moved to a secondary wallet, making it harder to trace or retrieve the assets.
Despite the breach, Infini did not halt withdrawals from its platform. Founder Christian Li addressed the incident on X, assuring users that, in the worst-case scenario, full compensation would be provided. Li also noted that since the exploit, the platform has processed around $500,000 in withdrawals. Similarly, Infini’s co-founder Christine, has assured customers that they would receive their funds back, claiming that the company could afford to compensate them.
Infini Neobank, launched in 2024, is a digital-only financial institution that combines traditional banking with cryptocurrency finance, operating exclusively through mobile apps without physical branches. It offers stablecoin transactions and yield-generating accounts. The platform has seen significant growth, reporting a 500% monthly increase in active users as of February 14.
The attack on Infini follows another major security breach in the crypto industry. On February 21, cryptocurrency exchange Bybit lost a staggering $1.4 billion in ETH and related tokens in a record-breaking hack. Concerns over potential insolvency loomed over Bybit, but the exchange kept withdrawals open and committed to covering losses if the stolen assets could not be recovered.
If you want to read more news articles like this, visit DeFi Planet and follow us on Twitter, LinkedIn, Facebook, Instagram, and CoinMarketCap Community.
“Take control of your crypto portfolio with MARKETS PRO, DeFi Planet’s suite of analytics tools.”
