- Infini lost $49.5 million USDC in a hack where the attacker exploited administrative privileges to access funds.
- The attacker swapped the stolen USDC for 17,696 ETH, transferring assets to a new wallet, raising security concerns.
- Infini processed $500,000 in user withdrawals post-hack, while authorities investigate a leaked private key linked to the breach.
Infini, a stablecoin neobank, suffered a significant security breach on Monday. On-chain trackers reported that $49.5 million USDC was drained from the platform. The attacker utilized administrative privileges, raising concerns about security vulnerabilities in decentralized finance.
Attacker Swaps Stolen USDC for Ethereum-Based Assets
According to blockchain analytics firm Lookonchain, the attacker converted the stolen 49.5 million USDC into DAI. The DAI was then used to purchase 17,696 ETH, which was transferred to a newly created wallet, “0xfcc8…6e49.” The movement of funds has been extensively monitored, with the attacker’s next steps remaining uncertain.
Further investigation from security tracker PeckShieldAlert revealed that the breach stemmed from a leaked private key. The compromised key, “0xc49b…e3e1,” allowed the attacker to execute unauthorized transactions.
Reports indicate that a community member first noticed suspicious transfers linked to Tornado Cash, a known cryptocurrency mixing service. Following the discovery, authorities identified an engineer allegedly responsible for the leak, and a police report was filed.
Hacker Exploited Administrative Privileges
Another analysis from ‘Cyvers Alerts’ confirmed that the attacker abused administrative rights embedded in Infini’s smart contract. The wallet used in the exploit initially deployed the contract, allowing the attacker to retain control. This oversight led to the unauthorized withdrawal of funds. The use of administrative privileges in the attack raises concerns about smart contract security practices.
Since the hack, Infini users have requested withdrawals amounting to $500,000. The platform confirmed that all requests were processed successfully. Despite the security breach, the neobank continues to operate, emphasizing its ability to manage user transactions amid the crisis.
This attack is part of a broader trend where stolen funds are frequently converted to ETH. In another recent breach, hackers stole $1.4 billion in ETH from crypto exchange Bybit. Bybit has since frozen $43 million in stolen assets, collaborating with multiple entities to mitigate losses.
DISCLAIMER: The information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.
