Stablecoin Payments Platform Infini Loses $50 Million Due To Insider Exploit
Please note that we are not authorised to provide any investment advice. The content on this page is for information purposes only.
A popular stablecoin payments platform Infini recently suffered what is believed to be an insider exploit. The platform lost $50 million to a former developer who allegedly retained admin privileges after completing work on the project.
The report came from a blockchain security firm Cyvers, which believes that the attacker funded the exploit wallet with 1 ETH using a well-known crypto mixing service called Tornado Cash. After that, the former developer withdrew $49.52 million in USDC from Infini’s wallets, using a contract they deployed back in November 2024.
Security experts explained that the stolen funds were swapped for Dai (DAI) — another stablecoin that does not have a freeze function. This is why it is preferred by bad actors, as it allows them to evade asset seizures.
The DAI was then converted into Ethereum — a total of 17,696 ETH — which was moved to a secondary address. However, despite the security breach and the theft, Infini decided not to halt withdrawals, as its founder, Christian Li, stated that the platform already saw over $500,000 in withdrawals following the attack.
Apart from letting the users withdraw funds as needed, Li also said that the platform will fully compensate its customers in a worst-case scenario.
Infini Breach Came Just After The Largest Hack In Crypto History
The claim that the party responsible is a former developer came from one of Infini’s team members, who revealed it in a tweet that has since been deleted. They claim that the engineer behind the theft was identified and reported to the authorities, but so far, there has yet to be an official confirmation of this statement.
The breach also attracted attention as it came just after the massive $1.4 billion Bybit hack, which is now the largest security breach in the history of the crypto sector. The exchange also opted to keep withdrawals open, and it secured loans to meet $5 billion in user withdrawals.
The Bybit hack was linked to the North Korean hacking team known as Lazarus Group, which has been targeting crypto platforms in the past. Experts have also found that the funds from Bybit were sent to multiple DEXes, including Uniswap, OKX DEX, and Sky (formerly MakerDAO).
