Christian Li, founder of stablecoin digital bank Infini, has reached out once again to the hacker responsible for stealing $49.5 million from the company’s wallets, offering a white-hat agreement and a 20% bounty in exchange for the return of the stolen funds.
In a blockchain transaction and the message following it, Li sent 0.1 ETH to the hacker’s wallet, acknowledging their skills in finding vulnerabilities in Infini’s protocol. The message restated the company’s offer: if the hacker returns the funds, they can retain 20% as a bounty, and there will be no legal repercussions.
This marks Infini’s second direct message to the hacker. The first message was sent on February 24, the day of the attack, warning that the company was monitoring the compromised wallet and set a 48-hour deadline for a response, threatening further investigation and possible law enforcement action. This attack happened shortly after Infini announced reaching $50 million in total value locked (TVL). Unauthorized transactions linked to an Infini-affiliated contract on Ethereum were identified by blockchain security firm CertiK.
The attacker exploited a privileged account labelled “0xc49b…” to withdraw 49.5 million USD Coin (USDC), which was then converted to Dai (DAI) and used to buy 17,696 Ethereum (ETH). The Ethereum was reportedly transferred to a different wallet identified as “0xfcc8…6e49.” According to cybersecurity firm Cyvers, the incident was attributed to an insider threat, as a developer setting up Infini’s smart contracts retained administrative rights and later used them to drain funds. The wallet used in the transfer had previously interacted with Tornado Cash, a cryptocurrency mixer known for obscuring transaction trails.
This method of attack differentiates the Infini breach from other recent high-profile crypto heists, such as Bybit’s, which stemmed from weaknesses in wallet security rather than insider manipulation. In the aftermath of the attack, Infini’s co-founder assured customers they would be reimbursed. Meanwhile, the company remains negotiating with the hacker, hoping to recover some stolen funds through the bounty offer.
If you want to read more news articles like this, visit DeFi Planet and follow us on Twitter, LinkedIn, Facebook, Instagram, and CoinMarketCap Community.
“Take control of your crypto portfolio with MARKETS PRO, DeFi Planet’s suite of analytics tools.”
