Krypto oriented Neobank Infini has an exploit of $ 49.5 million

• Infini Neobank chopped for $ 49.5 million, which was exchanged at around 17,696 ETH.
• The attacker took advantage of the administrator rights received at Infini's intelligent contract.
• The founder of Infini has promised full compensation, citing negligence in the transfer of authority.

On February 24, 2025, Infini, a stable coin Neobank, cryptocurrency and traditional finances based in Hong Kong, experienced a devastating security violation, which led to a loss of approx. $ 49.5 million in USD coin (USDC).

The exploit, First marked by blockchain security company Certik at 3:18 o'clock utc (Defi) community cleverly and persistent weaknesses in the cryptor room underlines, especially after the latest 1.4 billion dollar -hack from Bybit on February 21, 2025.

The Infini attack

The attack aimed at a Infini contract for the Ethereum-Blockchain In particular the address 0x9a79f4105a4e1a050b42f25351d394fa7e1dc.

According to security analysts from Certik, Cyvers, Blocksec and Peckshield, a hacker gained unauthorized access by using the administrative beneficiaries within the contract. The attacker, who operated from the address 0xc49b5e5b9da66b9126c1a62e9761e6b2147de3e1, initially developed the Smart Treaty for Infini, but kept control of the project taking into account the project.

This insider access enabled the hacker to manipulate the settings of the contract and 49.5 million US dollars in USDC from what is used as Morpho Mev Capital.

After the theft, the hacker quickly convert the stolen USDC into Dai (DAI) and then bought 17,696 Ethereum (ETH) worth around 49 million US dollars at this time.

it seems that the stablecoin bank @0xinfini was chopped and 49.5 m $ usdc was stolen.

The hacker exchanged 49.5 m from $ usdc $ dai and bought 17.696 $ eth .

The 17.696 $ ETH was overlooked in a new wallet "0xfcc8 ... 6e49" Rel = "NOFOLLOW" TARGET = "_ blank" href = "https://t.co/adayb3q5la"> https://t.co/adayb3q5la pic.twitter.com/rft6zdtdwo

- Lookonchain (@lookonchain) 24. February 2025

The funds were then transferred to a new wallet, 0xFCC8… 6E49, and divided over several addresses, with the initial financing on Tornado -Cash, a data protection tool that was often used to cover cryptocurrency transactions. At the time of reporting, however, the ETH did not remain mixed, which indicates that the continuous efforts to pursue the movements of the hacker were due.

Infini's answer

Infini, which was only launched in 2024 as a Neobank, which offers stablecoin transactions, crypto card services and high numbers, has published an official explanation in which the security violation is recognized that "all transfer, deposits and payments remain normal use and work status."

We are aware of reports on a security compromise that affects infini. We are very sorry for the concern that causes these causes - our team works around the clock to examine and secure all systems.

All transmissions, deposits, withdrawals and payments remain in normal use ...

- Infini (@0xinfini) 24. February 2025

Infini's founder Christian Li took on full responsibility for the exploit in A contribution to x but his negligence in the transfer of the authority from the developer to the project. "My personal private key was not leaked so much so that I was negligent when the authority was transferred. It is ultimately in my responsibility. This raised the alarm ... there is no problem with liquidity. Complete compensation can be paid and the funds are being followed," he wrote.

Despite this calming, some onkain analyzes, including Peckshield, interpret a potential private key compromise, which increases the investigation.

effects of the exploit

Exploit has raised serious questions about private key management, intelligent contractual security and the risks of insider threats in Defi platforms.

Infini, which has recorded a meteoric growth and has recorded a monthly increase in active users by 500%, especially after the start of his crypto card campaigns, now has a critical test for its resistance. The top -class products of the Neobank, which are supposed to attract liquidity, accidentally represented the conditions for exploit and reinforces the financial effects.

This incident follows exactly after the Bybit Exchange -Hack, in which manipulated Smart Contract Logic astonishing 1.4 billion US dollars. The similarity in tactics, the division and mix of ETH led the investigator ZachxBT on the chains to speculate that the Lazarus hacker group known for such methods may be involved, although no direct connection with Infini's attacker has been confirmed.

The Lazarus Group has just chained the Bybit hack directly with the phemex hack, which for both incidents from the address of the intial theft of theft of theft.

overlapping address:
0x33d057477925c4b2e720387cb89f8f65

Bybit hack Txns on February 22, 2025: pic.twitter.com/dh2ohubcvw

- zachxBT (@zachxbt) 22. February 2025

The quick succession of these top-class violations has attributed the demands for robust security protocols to centralized and decentralized crypto platforms.

Interestingly, the influx of stolen ETH paradoxically catalyzed a small rally and increased the price of Ethereum for the first time in weeks over 2,800 US dollars when the stock exchanges were thrown into the refill reserves.

The Infini incident also triggered concerns about potential money laundering or enemy regimental finance, since tornado bargain and the scope of the theft were used.