The stablecoin payments platform Infini has fallen victim to an exploit resulting in the loss of $50 million. The incident, allegedly organized by a developer, has raised significant concern in the crypto community.
Details of the Infini Exploit
According to a report from Cyvers, a developer who retained administrative privileges after completing work on the Infini project allegedly carried out the attack. The attacker funded the exploit wallet with 1 ETH through the crypto mixer Tornado Cash before withdrawing $49.52 million in USDC from Infini. The stolen funds were then converted to Dai (DAI)—a stablecoin often used by cybercriminals to evade asset seizures—and moved into 17,696 ETH, which were transferred to a different address.
Connection to Previous Incidents in the Crypto Sphere
The Infini breach follows the Bybit hack, the largest in crypto history, which resulted in the loss of $1.4 billion. Blockchain analyst ZachXBT linked the Bybit hacker to North Korea’s Lazarus Group, which has also been involved in attacks on Phemex and BingX. The stolen ETH from Bybit was sent to multiple DEXs, such as Uniswap and OKX DEX, showing similar methods of fund concealment used by the perpetrators.
Company's Reaction and Next Steps
Despite the breach, Infini did not halt withdrawals. Founder Christian Li stated that the platform had already seen $500,000 in withdrawals since the attack and promised full compensation in a worst-case scenario. A now-deleted tweet from an Infini team member suggested that the identity of the engineer behind the theft had been identified and reported to authorities, although official confirmation is still pending.
The attack on Infini has posed a serious threat to security in the crypto sector. While the company promises to reimburse the losses, the incident highlights the importance of robust protection against internal threats and cyber attacks.
