Ex-Dev Exploits Stablecoin Bank Infini, Carts Away $49.5M Exploit
Digital stablecoin bank Infini suffered a $49.5 million hack, founder has vowed full compensation.
Infini suffers massive cyberattack days after the Bybit’s hack. The hacker carted away over $49.5 million as the the stablecoin bank looks to recover.
The hacker behind the recent breach swapped approximately 49.5 million DAI for around 17,700ETH and transferred the funds to a news address starting with “0xfcc8a” according to monitoring by peckshield.
They exploited a single private key to drain funds from the platform’s vault. According to Etherscan, the attacker stole a total of $49.5 million in two batches, 11,455,666 USDC and 38,060,996 USDC.
The funds moved through Uniswap, Sky Protocol, and 0x Protocol. Swapping out of USDC as fast as possible allowed the hacker to move funds into ETH. The fast pace transactions reduced chances of freezing the funds.
Afterward, the attacker split the proceeds into smaller sums and multiple addresses. The exploiter used a new wallet to send a small amount of ETH for gas and complete the transaction. The initial funding for the wallet came from Tornado Cash, veiling a part of the on-chain presence of the hacker.
Additionally it is confirmed that the attacker was originally involved in developing the contract for the Infini project. However, after delivering the project, they secretly retained admin rights. More than 100 days later, the attacker funded their address through Tornado Cash, sent a small ETH transaction for gas, and exploited the contract—draining all funds from the platform.
Infini Founder Promises Full Compensation.
Infini founder Christian Li responded to the hack, assuring users that the team is actively investigating and tracking the incident. He confirmed that user withdrawals remain unaffected and emphasized that, even in the worst-case scenario, full compensation will be provided. “Users can rest assured,” Christian stated, reaffirming the platform’s commitment to resolving the situation.
LI also reported that the suspected hacker’s computer was located and reported to the police. He added,” My personal private key has not been leaked, so there is no need to worry too much. I was negligent when transferring the authority before. It is ultimately my responsibility.”
