As the crypto community is still recovering from the recent Bybit hack, another devastating attack has shaken the industry. Infini, a stablecoin-based neobank, has fallen victim to a crypto attack, resulting in a loss of approximately $49.5 million.
Infini- Latest Victim of Crypto Attack after Bybit Hack
Reports suggest that Infini Earn Funds were stolen today, with funds being drained from the Morpho MEVCapital Usual USDC Vault. The hacker made off with two separate amounts: 11,455,666 USDC and 38,060,996 USDC. The attack appears to have been facilitated by a leaked private key.
According to CertiK Alert, a suspicious fund transfer was flagged from an unverified contract. The transfer address was identified as 0x9A79f4105A4e1A050Ba0b42F25351D394fA7E1DC, and the recipient address, 0x3ac96134fb0e42a52d33045aee50b89790f05ed0, received the stolen funds. These funds, totaling $49.5 million, are currently being converted into DAI.
Furthermore, latest investigation revealed that the compromised account, 0xc49b5e5b9da66b9126c1a62e9761e6b2147de3e1, had been granted a special role (‘0x8e9b’) that enabled the withdrawal of all funds from the address 0x9A79. The attacker, identified as 0x3ac9, has exchanged the stolen assets for 17,696 ETH, which is valued at nearly $49.5 million.
还在梳理和追踪详细情况,提现正常,最差情况全额赔付,可以放心。
— Christian (Building @0xinfini) (@Christianeth) February 24, 2025
Infini, which operates as a stablecoin digital bank, quickly responded to the attack. Co-founder Christine assured the public that full compensation would be provided, saying, “Don’t worry, we will pay in full. The engineer involved has been located and controlled. The case has been reported. Infini will be fine. I will keep you updated on the progress as soon as possible.”
Yu Xian, founder of blockchain security firm SlowMist, also confirmed that his team was actively investigating the theft, describing the attacker as ’a very technical person.’
In a statement, Infini’s co-founder Christian added, “We are still sorting out and tracking the details. Withdrawals are normal. In the worst case, full compensation will be paid, so you can rest assured.” He further explained, “A friend once joked that I had been having too smooth sailing along the way. I said I was always prepared for the first disaster, but I didn’t expect it to happen so soon after Bybit.”
Christian emphasized that his personal private key had not been compromised, attributing the attack to negligence during the transfer of authority. He took responsibility for the breach, stating, “It is ultimately my fault, and this has sounded the alarm.”
He reassured customers, “There is no problem with liquidity. Full compensation will be paid, and the funds are being traced. I’m sorry for the worry caused to those who trusted us. Rebuilding trust will be difficult, but we won’t give up.”
Also Read: Bybit Attack: Hacker Launders Funds via eXch Exchange, Despite Denials
