3 hours ago
10
You are here: Home / News / Infini Stablecoin Platform Loses $50M in Suspected Insider Hack
February 25, 2025 by Onyi
- Infini lost 17,696 ETH caused by a compromised private key
- The hacker converted $49.5 million in stolen USDC to DAI, then swapped it for ETH and then moved the funds
- Infini’s founder Christian Li, promised full compensation and is actively investigating the incident
Infini, a stablecoin payment company, has been hacked, losing 17,696 ETH, which is valued at about $50 million. Reports have it that a developer who still has administrative access after finishing the project may have been responsible for the breach.
Infini Earn Exploited as Hackers Convert Stolen USDC to ETH
Cyvers shared a report that the attacker is likely involved in Infini’s contract development and secretly kept administrative control after completing the project.
🚨ALERT🚨Today, @0xinfini suffered a $49M $USDC exploit due to an attacker abusing retained administrative privileges.
The attacker, operating from 0xc49b5e5b9da66b9126c1a62e9761e6b2147de3e1, had initially developed the contract as part of the Infini project. However, after… pic.twitter.com/olguOyNCJr
According to Lookonchain, it was a compromised private key that allowed two separate transactions to drain 11.4 million and 38 million USDC.
The hacker funded their wallet with 1 ETH from Tornado Cash before transferring $49.52 million in USDC from Infini using a contract they created in November 2024.
The stolen funds were quickly exchanged for DAI, a stablecoin which could not be frozen, then later converted to 17,696 ETH. As of now, the assets had been moved to another address. Investigators are still analyzing the exact details of the breach.
Analysis of the $49.5 million loss at @0xinfini :
The contract address
0x9A79f4105A4e1A050Ba0b42F25351D394fA7E1DC, which was created by the attacker address 0xc49b5e5b9da66b9126c1a62e9761e6b2147de3e1,
was initially developed by the attacker as part of the Infini project.… pic.twitter.com/cptYI59pI0
Infini’s Founder Responds to Security Breach and Ongoing Investigation
Christian Li, the founder of the company has not been silent about the matter as he has encouraged users about the safety of their assets.
Li admitted to the security failure and accepted responsibility for not correctly transferring contract authority, which caused the breach. He assured users that withdrawals are still available, but all financial operations have been paused to help reduce further risks.
之前有朋友开玩笑说我这一路也太顺风顺水了,我说已经时刻做好了迎接第一个劫的准备,没想到在bybit之后紧接出事的是自己。
我的个人私钥没有泄漏,不用过度担心,是之前转交权限的时候有疏忽,归根结底是我的责任,这次敲醒了警钟。… https://t.co/7pHxtwD2ZV
Li also promised full compensation if the situation worsens and noted that the platform has already seen $500,000 withdrawn since the incident.
Co-founder Christine also supported this statement, confirming that Infini has enough funds to cover all the losses. She assured users that there would be compensation and emphasized that the team is more concerned with fixing the issue rather than giving reassurances. Christine promised timely updates and encouraged users to trust the team’s efforts.
Related Reading | Adam Back Blames Ethereum’s EVM for Bybit’s $1.4B Crypto Heist
English (US) ·