TL;DR
- Infini was hacked for $50 million by a developer who retained administrative privileges post-project completion, raising serious security concerns in the DeFi ecosystem.
- The attacker used 1 ETH from Tornado Cash to fund the hack, transferred $49.52 million worth of USDC through a custom contract, and swapped it for DAI to avoid detection.
- Despite the breach, Infini did not pause withdrawals, and the team is investigating with the engineer identified and reported to the police.
Infini, a prominent stablecoin payment firm, has fallen victim to a $50 million exploit. The attack, which has sent ripples through the crypto community, is suspected to have been orchestrated by a rogue developer who retained administrative privileges after the project’s completion. This breach has raised serious concerns about the security measures within the DeFi ecosystem.
https://twitter.com/CyversAlerts/status/1893903649916555556
The Method of Attack
According to reports, the perpetrator funded the wallet used in the hack with 1 Ether (ETH) from the cryptocurrency mixing service Tornado Cash. This initial step was crucial in masking the origin of the funds.
The attacker then transferred $49.52 million worth of USD Coin (USDC) from Infini through a contract they had created in November 2024. The USDC was swiftly swapped for Dai (DAI), a stablecoin that does not have a freeze function, making it easier for the hacker to move the funds without detection.
The Aftermath
The stolen funds were converted into 17,696 ETH and moved into a secondary address. Despite the severity of the breach, the Infini team did not pause withdrawals. This decision has been met with mixed reactions from the crypto community.
Infini’s founder, Christian Li, assured users in a social media post that full compensation would be provided in the worst-case scenario. He also noted that the platform had observed $500,000 in withdrawals since the theft.
Ongoing Investigation
In a now-deleted tweet, a member of the Infini team stated that the engineer responsible for the theft had been identified and reported to the police. However, the investigation is still ongoing, and the team is working diligently to uncover all the details of the exploit.
This incident follows closely on the heels of another major hack in the cryptocurrency space, highlighting the persistent security challenges faced by DeFi platforms.
The Infini hack serves as a stark reminder of the vulnerabilities that exist within the DeFi ecosystem. As the investigation continues, the community watches closely, hoping for a resolution that will restore confidence in the security of decentralized financial platforms.
