YEREVAN (CoinChapter.com) — Infini, a stablecoin-focused digital bank, lost $49 million in an exploit linked to an ex-developer. On-chain analysis revealed that the hacker misused retained admin privileges to drain funds from the platform.
CertiK Flags Infini Hack as Developer Attack
Blockchain security firm CertiK detected the Infini hack on Feb. 24. The report showed unauthorized fund transfers from an Infini-associated Ethereum contract.
Lookonchain confirmed that the hacker stole 49.5 million USDC, immediately converting it into 49.5 million DAI. The stolen DAI was then used to purchase 17,696 ETH, later moved to wallet 0xfcc8…6e49.
Ex-Developer Used Tornado Cash Before Attack
Cyvers Alerts identified the hacker as an ex-developer who previously worked on Infini’s contract. Over 100 days before the breach, the attacker funded their wallet using Tornado Cash and executed a small ETH transaction for gas fees. They then exploited retained administrative control to carry out the stablecoin exploit.
Private Key Leak or Admin Exploit?
Security firm PeckShield Alert suggested that a private key leak might have caused the Infini hack. However, Infini founder Christian Li denied that his private key was compromised. He acknowledged oversights in contract control transfers, stating that the incident served as a wake-up call.
Meanwhile, Infini’s co-founder Christine confirmed that the company would compensate customers for their stablecoin losses. She assured users that Infini had sufficient funds to cover the stolen amount.
Infini Hack Adds to Growing Crypto Exploits
The Infini stablecoin exploit follows a series of major security breaches in the crypto sector. On Feb. 21, Bybit suffered a $1.5 billion hack, one of the largest thefts in Ethereum history.
Bybit CEO Ben Zhou confirmed that over 400,000 ETH left the exchange’s wallet. The attacker quickly converted staked mETH and stETH tokens into ETH before moving the funds.
Bybit is working with blockchain security firms to track the assets and has launched a $140 million bounty for information. ZachXBT, a well-known blockchain investigator, linked the attack to the North Korean hacker group Lazarus.
The Infini hack and Bybit breach highlight ongoing security threats in crypto finance, with hackers exploiting admin control flaws and private key vulnerabilities.
