The hacker responsible for the $50 million exploit of the Hong Kong-based stablecoin platform Infini has begun laundering stolen assets through the sanctioned mixer Tornado Cash, while simultaneously using a portion of the haul to “buy the dip” on Ethereum ($ETH). On-chain data revealed that the attacker, identified as a rogue former contractor, leveraged administrative privileges to drain approximately $49.52 million in USD Coin ($USDC) before converting the loot into 17,696 $ETH and moving it to a secondary address for obfuscation.
Hacker exploits internal access to drain millions
The breach, which occurred in February 2025, was not the result of a traditional external hack but rather an insider job due to poor access management. Security firm Lookonchain reported that the perpetrator had previously worked on the Infini project as a contractor and secretly retained administrative rights. By leveraging these “backdoor” credentials, the attacker manipulated contract settings to siphon the funds without needing to exploit a private key leak.
The attacker initially created a malicious contract in November 2024, waiting 114 days until the protocol’s vault held sufficient assets. Once the strike began, the stolen $USDC was immediately swapped for Dai ($DAI), a stablecoin that lacks a centralized freeze function, making it nearly impossible for authorities to halt the movement of funds.
Stolen funds flow into Tornado Cash despite sanctions
Following the conversion of the assets into Ethereum, the exploiter has actively engaged with Tornado Cash to break the on-chain link between the source and destination addresses. This move comes despite heavy international sanctions on the mixer, which remains a primary tool for North Korean-linked groups and high-profile DeFi hackers looking to scrub illicit proceeds.
While the investigation continues, Infini founder Christian Li assured the community that the platform remains solvent and intends to provide full compensation to affected users. This incident mirrors previous security crises in the space, such as the Curve Finance bridge exploit, where protocol vulnerabilities led to millions in losses and forced immediate governance intervention.
Enjoyed this piece? Bookmark DeFi Planet, explore related topics, and follow us on Twitter, LinkedIn, Facebook, Instagram, Threads and CoinMarketCap Community for seamless access to high-quality industry insights.
“Take control of your crypto portfolio with MARKETS PRO, DeFi Planet’s suite of analytics tools.”
