Infini, a stablecoin payment platform, has reportedly lost $50 million in an exploit, allegedly carried out by a developer who retained administrative privileges after the project was completed.
Security firm Cyvers has linked the attack to an insider with prior access to Infini’s contract development.
Infini’s Response to the Attack
The attacker funded the exploit wallet with 1 Ether (ETH) from the Tornado Cash cryptocurrency mixer. Using a contract they created in November 2024, they transferred $49.52 million in USD Coin (USDC) from Infini.
To prevent recovery, the USDC was quickly swapped for Dai (DAI), a stablecoin without a freeze function. The funds were then converted to 17,696 ETH and transferred to a secondary wallet.
Infini’s Response on X
Despite the attack, Infini did not halt withdrawals. Founder Christian Li assured users via an X post that full compensation would be provided in a worst-case scenario. Since the exploit, the platform has observed $500,000 in withdrawals.
In a now-deleted tweet, Infini team member Christine claimed that the engineer behind the attack had been identified and reported to authorities. However, when questioned by Cointelegraph, she clarified that the investigation is still ongoing.
Growing Concerns After Major Hacks
The Infini exploit follows a historic hack on cryptocurrency exchange Bybit, which lost $1.4 billion in Ether and related tokens on February 21. The Bybit attack raised fears of potential insolvency, though the exchange opted to keep withdrawals open and committed to covering losses if funds were not recovered.
What’s Next?
As the investigation into Infini’s exploit continues, the case highlights the risks of insider threats in crypto projects. The security breach underscores the importance of auditing smart contracts and revoking admin privileges after project completion.
“Read Bybit Suffers Record-Breaking $1.5 Billion Crypto Heist
