The DeFi platform Infini has experienced a significant exploit according to blockchain security firm Cyvers Alerts. The platform has reportedly lost $49M due to an exploit linked to admin privileges.
Details of Infini's Exploit
Cyvers Alerts associates the Infini exploit with the abuse of reserved admin privileges. The attacker leveraged these privileges within Infini's smart contract, leading to the breach.
How the Attack Occurred
The retained admin privileges were exploited by the attacker in the Infini smart contract. The attacker had administrative access before handing over the contract to the project team. The exploit occurred approximately one hundred days post-launch, using Tornado Cash to obscure transaction trails.
Preventative Measures Against Such Incidents
According to Cyvers Alerts, the Infini exploit emphasizes the need for strict access control and the timely revocation of admin privileges. DeFi projects require real-time threat detection and frequent security audits to prevent similar incursions.
The Infini exploit underscores the critical importance of continuous security in DeFi projects. Developer teams must adhere to stringent security protocols and conduct routine checks to avoid such vulnerabilities.
