Reported by The Block: Infini suffered a hack resulting in a loss of about $49 million, according to several security analysts.
Analysts noted that $49 million in USDC was drained from a smart contract.
Infini, a Hong Kong-based stablecoin neobank and payments platform, suffered an attack that resulted in a loss of about $49 million.
Security analysts at Cyvers and Blocksec confirmed to The Block that Infini was the impacted entity.
Based on on-chain data, analysts said that $49 million in USDC was siphoned from a smart contract that previously received funds from Infini. The stolen funds were sent to an address funded by Tornado Cash, a privacy tool often used to obscure crypto transactions. The attacker has swapped the stablecoin into ether.
Cyvers noted that the exploit occurred because an attacker abused compromised administrative privileges on the contract. The specific contract address (0x9A7) was created by the attacker (0xc49) and was allegedly developed as part of the Infini project.
"The attacker used this address (0xc49) to change the settings of the smart contract and drained the whole fund," security firm Blocksec told The Block.
"We're aware of reports on a security compromise affecting Infini. We're deeply sorry for the concern this causes - our team is working around the clock to investigate and secure all systems at the moment," Infini said in response to the incident.
Meanwhile, Infini founder Christian clarified that the attacker had retained administrative privileges, and the incident did not result from a private key leak. According to a translated post on X, the founder claimed there was "no problem with liquidity" and that the impacted users would be compensated.
The Infini exploit follows closely on the heels of the largest crypto exploits to data on February 21, targeting Bybit, which lost $1.4 billion.
Security Incidents
