Crypto-focused neobank Infini was hacked, resulting in the loss of $49.5 million, raising questions about platform security.
Details of the Hack and Timeline
On February 24, 2025, CertiK flagged unusual activity on Infini's platform. At 3:18 am UTC, unauthorized transfers from an Infini-associated contract resulted in the loss of 49.5 million USDC. The hacker then swapped the funds for DAI and purchased 17,696 ETH, which were moved to a new wallet.
Role of Tornado Cash and Key Leak
PeckShieldAlert revealed that the community flagged suspicious transactions involving Tornado Cash. The leak of Infini's private key allowed the hacker to bypass security. The compromised key, '0xc49b...e3e1', enabled manipulation of platform funds, raising concerns over key management and smart contract security.
Promise of Compensation and Security Measures
Infini assured users that withdrawals remain unaffected. Founder Christian Li stated an investigation is underway and full compensation will be provided if necessary. He confessed the breach was due to an error in transferring authority, though the core operations remain unaffected.
The Infini hack reflects a growing trend of breaches in the crypto sector. While the platform ensures user data safety, the incident highlights the need for enhanced security measures.
