Neobank Infini, a prepaid payment card issuer, faced a cyber attack in which approximately $49.5 million was stolen. The incident resulted from the hacker exploiting administrative privileges.
Course of the Attack
According to reports, the attack was orchestrated by a former developer exploiting administrative privileges. The developer, who had been assigned a few months earlier to work on Infini’s contract, retained admin rights over the smart contract, which made the attack possible. During the exploit, the funds were extracted in two transactions: first $11.45 million, then $38.06 million, totaling $49.5 million. The funds were withdrawn from the USDC Vault and immediately converted to Dai, then into 17,696 ETH.
Infini's Response and Promises
Christian Li, founder of Infini, acknowledged the breach and took full responsibility, promising that all stolen funds would be returned to the customers. Infini engaged in dialogue with the hacker about returning the money, offering 20% of the total amount as a reward for the return. The company emphasized that all operations, including transfers and withdrawals, remain unaffected.
Security Issues and Potential Consequences
The audit firm QuillAudits stated that inadequate access control was one of the reasons behind the incident. Many companies continue to underestimate the importance of access control, leading to recurring incidents in the crypto space.
The Neobank Infini incident is another case in a series of major hacks against crypto firms, emphasizing the need to strengthen security measures and access control.