Infini, a stablecoin payment firm, suffered a $50 million hack. An alleged former developer retained unauthorized access, allowing the attack.
Details of the Attack
Blockchain security firm Cyvers uncovered the breach, revealing in an X post that the attacker maintained secret access to Infini's smart contracts, allowing fund transfers undetected. The attacker initiated the exploit by funding a wallet with 1 Ether (ETH) via Tornado Cash, a cryptocurrency mixer often used to obscure transaction trails. Using this wallet, approximately $49.52 million worth of USD Coin (USDC) was transferred from Infini via a pre-created smart contract.
Infini's Response
Despite the breach, Infini did not halt platform withdrawals. Founder Christian Li assured users on X that full compensation would be provided if necessary. Co-founder Christine also assured customers of fund recovery, claiming company capability to compensate.
Context and Comparable Incidents
The attack on Infini occurred amidst another major crypto security breach. On February 21, the cryptocurrency exchange Bybit lost a staggering $1.4 billion in ETH and related tokens in a record-breaking hack. Concerns over potential insolvency loomed, but the exchange kept withdrawals open with a commitment to cover losses if stolen assets could not be retrieved.
The Infini hack underscores the growing threats in cryptocurrency security and the challenges of protecting digital assets. Despite security measures, attacks continue, leaving companies and users in uncertainty.
