YEREVAN (CoinChapter.com) — Infini, a stablecoin-focused digital bank, lost $49 million in an exploit linked to an ex-developer. On-chain analysis revealed that the hacker misused retained admin privileges to drain funds from the platform.
CertiK Flags Infini Hack as Developer Attack
Blockchain security firm CertiK detected the Infini hack on Feb. 24. The report showed unauthorized fund transfers from an Infini-associated Ethereum contract.
Infini Hack: CertiK Alerts on $49M Stablecoin Theft via Unverified Contracts. Source: CertiK AlertLookonchain confirmed that the hacker stole 49.5 million USDC, immediately converting it into 49.5 million DAI. The stolen DAI was then used to purchase 17,696 ETH, later moved to wallet 0xfcc8…6e49.
Lookonchain Confirms Infini Hack: $49.5M USDC Stolen and Swapped for ETH. Source: LookonchainEx-Developer Used Tornado Cash Before Attack
Cyvers Alerts identified the hacker as an ex-developer who previously worked on Infini’s contract. Over 100 days before the breach, the attacker funded their wallet using Tornado Cash and executed a small ETH transaction for gas fees. They then exploited retained administrative control to carry out the stablecoin exploit.
Cyvers Alerts Identifies Infini Hack: $49M USDC Stolen via Retained Admin Privileges. Source: Cyvers AlertsPrivate Key Leak or Admin Exploit?
Security firm PeckShield Alert suggested that a private key leak might have caused the Infini hack. However, Infini founder Christian Li denied that his private key was compromised. He acknowledged oversights in contract control transfers, stating that the incident served as a wake-up call.
PeckShield Alert Reports Infini Hack: $49M Stolen via Suspected Private Key Leak. Source: PeckShield AlertMeanwhile, Infini’s co-founder Christine confirmed that the company would compensate customers for their stablecoin losses. She assured users that Infini had sufficient funds to cover the stolen amount.
Infini Co-Founder Christine Assures Compensation After $49M Hack. Source: Christine (@xsexybanana)Infini Hack Adds to Growing Crypto Exploits
The Infini stablecoin exploit follows a series of major security breaches in the crypto sector. On Feb. 21, Bybit suffered a $1.5 billion hack, one of the largest thefts in Ethereum history.
Bybit CEO Ben Zhou confirmed that over 400,000 ETH left the exchange’s wallet. The attacker quickly converted staked mETH and stETH tokens into ETH before moving the funds.
Bybit CEO Ben Zhou and CZ Discuss $1.5B Crypto Hack and Withdrawal Risks. Source: X (@benbybit, @cz_binance)Bybit is working with blockchain security firms to track the assets and has launched a $140 million bounty for information. ZachXBT, a well-known blockchain investigator, linked the attack to the North Korean hacker group Lazarus.
The Infini hack and Bybit breach highlight ongoing security threats in crypto finance, with hackers exploiting admin control flaws and private key vulnerabilities.
The post Infini Loses $49M in Stablecoin Hack—Private Key or Admin Leak? appeared first on Coinchapter.
%%featured_image%%
