Stablecoin Heist Results in $49M Loss for Infini
In the Shadows, a Dev Wreaks Havoc:
The digital-only bank Infini has since been embroiled in a security crisis, with a whopping $49.5 million in USDC vanishing into thin air.
Days after the unsettling incident, the community's attention was drawn to suspicious activities on the Infini-associated Ethereum contract. certiK was the first to notice the red flags, reporting unapproved fund transfers[1]. Lookonchain later confirmed the grim truth - a cunning assailant stole a staggering 49.5 million USDC[2].
In a twisted turn of events, the bad actor was none other than an ex-developer who had worked on their very contract. Despite the project's completion and handover, the disgruntled individual had surreptitiously retained administrative control.
Fueled by stealth and malice, the culprit funneled funds into their wallet using Tornado Cash, conducted a discreet ETH transaction to settle the gas fees, and then orchestrated the heist[3].
When Cyvers Alerts shed light on the nefarious actor's whereabouts, they traced them back to the address 0xc49b...3e1[3]. PeckShield Alert proposed another theory, suggesting a private key leak, but Infini founder, Christian Li, swiftly dismissed such insinuations. He openly admitted to his past oversights in transferring control and took full responsibility for the breach[1].
Understanding the gravity of the situation, Li acknowledged this as a wake-up call for Infini. Meanwhile, fellow co-founder Christine vowed to repay customers for their losses, assuring them that the firm has the resources to cover it[1].
Originated in 2024, Infini empowers users by connecting traditional banking with cryptocurrency finance. Their innovative mobile platform offers stablecoin transactions, yield-generating accounts, and other banking services, bringing an evolutionary change to the financial sphere.
Breach After Breach:
The Infini incident reflects a concerning pattern in the crypto space, with breaches such as the $1.5 billion heist on crypto exchange Bybit on February 21[5]. CEO Ben Zhou confirmed the attack, which resulted in the loss of most of Bybit's ETH holdings[5]. The exploit led to a rapid departure of over 400,000 Ether, which were swiftly converted into stETH and staked mETH tokens before being exchanged back to ETH[5].
Bybit is working closely with blockchain security firms to retrieve the stolen assets, even establishing a $140 million bounty to encourage assistance. Blockchain investigator ZachXBT has narrowed down the likely culprit to the notorious North Korean hacker group Lazarus[5].
Stay safe and mindful within the rapidly evolving crypto ecosystem.
Footnotes:
[1] certiK Report
[2] Lookonchain Data
[3] Cyvers Alert
[4] Contradictory to PeckShield Alert's assertion
[5] Binance Research Article
Call to Action:
Don't let yourself become another victim in the ever-growing web of cyber threats. Stay smart and secure – invest only in trustworthy platforms and keep up-to-date with the latest developments in the crypto sphere.
Exclusive Offers:
Join Binance now and receive $600! Register here
Unlock a $500 FREE position on any coin at Bybit! Sign up here
- The suspicious activities on the Infini-associated Ethereum contract, leading to the disappearance of $49.5 million in USDC, were initially detected by the blockchain security firm certiK.
- The cunning assailant who stole the funds from Infini, a digital-only bank that empowers users with cryptocurrency finance, had surreptitiously retained administrative control of the contract despite its completion and handover.
- To carry out the heist, the assailant used Tornado Cash, a technology that allows for discreet fund transfers, and conducted a crypto transaction to settle gas fees.
- The crypto space has been plagued with breaches, as exemplified by the $1.5 billion heist on crypto exchange Bybit, with the loss of most of Bybit's ETH holdings, highlighting the need for vigilance and investing only in trustworthy platforms in this rapidly evolving sphere.
