Hong Kong's neobank Infini suffered a hack resulting in a loss of about $49 million. Experts explain the circumstances of the smart contract attack.
Details of the Hack
$49 million in USDC was drained from a smart contract, which previously received funds from Infini. The stolen funds were sent to an address funded using Tornado Cash, a privacy tool for obscuring crypto transactions.
Investigation of the Incident
Analysts from Cyvers and Blocksec confirmed the hack. The attackers exploited compromised administrative privileges on the contracts using address (0xc49) to change the settings of the smart contract and drain funds. Blocksec noted that the address was developed as part of the Infini project.
Infini's Response and User Future
Infini representatives expressed deep regret over the incident, stating that they are working to investigate and secure all systems. Infini's founder, Christian, clarified that the attacker retained administrative privileges, but there was no private key leak. He assured users that liquidity is not an issue and promised compensation for affected users.
The attack on Infini highlights the need for stronger smart contract security. Infini's leadership is actively working to address the aftermath and compensate user losses.
