BTC

$84269.96

-0.00%

ETH

$1994.85

1.16%

XRP

$2.394

0.04%

BNB

$628.388

-1.07%

News

Infini Attack by Insider Drains $50 Million in Crypto Heist

3 mins mins
Key Points:

– A former Infini smart contract engineer exploited retained admin privileges to steal nearly $50 million.
– Despite the breach, founder Christian Li assured users he would personally cover all losses.
– Investigations into the Infini attack are ongoing as authorities and security firms track the stolen assets.
Infini Attack by Insider Drains $50 Million in Crypto Heist

Stablecoin payment company Infini has suffered a significant security breach resulting in the loss of nearly $50 million.

The Infini attack, allegedly orchestrated by a former smart contract engineer, exploited admin privileges retained after the contract’s deployment.

Infini Attack Drains $50M from Crypto Platform

According to security firm Cyvers, the engineer involved in Infini’s contract development secretly maintained admin access, contrary to claims made to other team members that the privileges had been revoked. Over three months later, the individual leveraged this access to siphon funds from the platform.

The breach targeted the Morpho MEVCapital USDC Vault, resulting in the theft of approximately $49.5 million. Investigators discovered that the perpetrator funneled 1 Ether into a designated wallet via the cryptocurrency mixer Tornado Cash before executing the Infini attack.

Subsequently, they transferred $49.52 million worth of USD Coin (USDC) through a contract created in November 2024. To evade recovery efforts, the stolen USDC was swiftly converted into Dai (DAI), a stablecoin without a freeze function, before being exchanged for 17,696 Ether (ETH) and moved to a secondary wallet.

Infini exploiter address
Infini exploiter address. Source: Etherscan

Infini Founder Pledges Full Compensation Amid Investigation

Despite the security breach, Infini did not immediately halt withdrawals. The company’s founder, Christian Li, assured users via social media platform X that, in a worst-case scenario, full compensation would be provided.

Li also confirmed that $500,000 had already been withdrawn from the platform since the incident and pledged to cover the entire loss from his personal funds, accepting full responsibility for the attack.

The founder initially claimed on social media that the engineer responsible had been identified and reported to law enforcement. However, the post was later deleted, and Li later stated that the investigation remained ongoing.

This attack comes in the wake of the largest hack in cryptocurrency history, where Bybit, a major crypto exchange, suffered a staggering $1.4 billion loss in Ether and related tokens on February 21.

Unlike Infini attack, Bybit managed to maintain withdrawals and secure emergency funding from partners and rival exchanges to cover the deficit, preventing a liquidity crisis.

DISCLAIMER: The information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.
Rate this post
Follow us on Google News

Christian Li

ETH

Infini

USDC

Avatar of Harold

Harold

20 March 2025, 14:09:00 GMT +0000

With a passion for untangling the complexities of the financial world, I’ve spent over four years in financial journalism, covering everything from traditional equities to the cutting edge of venture capital. “The financial markets are a fascinating puzzle,” I often say, “and I love helping people make sense of them.” That’s what drives me to bring clear and insightful financial journalism to the readers of Coincu.

Other Posts: