Infini Drained of $50M—Insider Blamed for Security Breach

Crypto News Exploits

Infini Drained of $50 Million—Insider Access Blamed for Security Breach

Written by Aaron S.,

Editor-In-Chief

Last Updated: February 24, 2025

Key Takeaways

Infini lost $50 million in an exploit, allegedly due to a developer secretly keeping admin access;
The attacker swapped stolen USDC for Dai, and then converted it into 17,696 ETH to avoid freezing;
Infini assured users that withdrawals remain normal and promised full compensation if needed.

Stop overpaying - start transferring money with Ogvio. Sign up, invite friends & grab Rewards now! 🎁

Infini Drained of $50 Million—Insider Access Blamed for Security Breach

BITDEGREE IN YOUR SOCIAL FEED

Infini, a stablecoin payment platform, has suffered a $50 million exploit, with investigators pointing to a developer who allegedly kept administrative access after completing their work.

According to cybersecurity firm Cyvers, the individual involved worked on Infini’s smart contract development and secretly retained control, which allowed them to carry out the attack.

The attacker’s wallet was initially funded with 1 Ethereum ETH $3,315.88 through Tornado Cash, a cryptocurrency mixing service. Using a contract they had created in November 2024, they withdrew $49.52 million in USD Coin USDC $1.00 from Infini.

What Is Chia? | Crypto Finally Explained

Did you know?

Want to get smarter & wealthier with crypto?

Subscribe - We publish new crypto explainer videos every week!

The USDC was immediately exchanged for Dai DAI $1.00 , a stablecoin without a freeze function, to prevent the stolen funds from being frozen. The funds were then converted into 17,696 ETH and transferred to another wallet.

Infini did not halt withdrawals despite the major loss. In a February 24 post on X, Christian Li, the platform's founder, stated:

We are still sorting out and tracking the details. Withdrawals are normal and in the worst case scenario, full compensation will be paid, so you can rest assured.

He also noted that around $500,000 had been withdrawn from the platform following the incident.

An Infini team member, identified as “Christine”, posted on X that the person behind the exploit had been identified and reported to the authorities. However, the post was later deleted.

Recently, Elliptic explained the typical process used by the Lazarus Group, the hackers behind the $1.4 billion theft from Bybit $3.31B , to cover their tracks. How? Read the full story.