**Infini Neobank Faces $49.5 Million Hack, But Users Can Rest Easy with Promised Compensation and Ongoing Investigation**
Infini, a crypto-focused neobank, has recently experienced a significant security breach, resulting in a loss of $49.5 million. The hacker took advantage of vulnerabilities within the platform, accessing a contract linked to Infini and converting the stolen funds into Ethereum (ETH). The rapid laundering and movement of these funds have raised alarms within the crypto community regarding security practices.
The incident was first reported on February 24, when CertiK, a well-known blockchain security firm, detected unusual activities on Infini’s network. At around 3:18 am UTC, CertiK identified unauthorized transfers from an Infini-related Ethereum contract. The attacker accessed the account “0xc49b…” and withdrew 49.5 million USDC, a stablecoin pegged to the U.S. dollar. After the theft, the hacker exchanged the entire amount for DAI, another Ethereum-based stablecoin, and acquired 17,696 ETH. According to on-chain tracking service Lookonchain, the ETH was subsequently transferred to a new wallet address, “0xfcc8…6e49,” which is now under close observation by crypto analysts.
In a tweet, Lookonchain confirmed the hack, stating, “It seems that the stablecoin bank @0xinfini was hacked and 49.5M $USDC was stolen. The hacker swapped 49.5M $USDC for 49.5M $DAI and bought 17,696 $ETH. The 17,696 $ETH was transferred to a new wallet ‘0xfcc8…6e49’.”
The Role of Tornado Cash and the Leak of Private Key
PeckShieldAlert, another blockchain tracking service, provided additional insights, revealing that a community member had flagged suspicious transactions involving Tornado Cash, a privacy tool often linked to money laundering. The tracker suggested that a leak of a private key associated with Infini’s system may have allowed the hacker to bypass security protocols. PeckShieldAlert confirmed that the compromised key, “0xc49b…e3e1,” enabled the attacker to manipulate the platform’s funds. This breach has raised serious concerns about key management practices and vulnerabilities in smart contract security, with the leaked private key appearing to be the hacker’s main entry point, highlighting potential flaws in Infini’s internal controls.
Investigation Underway and Compensation Promised
In response to this incident, Infini has assured its users that their ability to withdraw funds remains unaffected. Despite the gravity of the attack, the neobank has successfully processed all withdrawal requests, totaling over $500,000. Christian Li, the founder of Infini, has reassured users that the investigation into the breach is ongoing, emphasizing the commitment to full compensation for those impacted. Users can feel confident that Infini is taking the necessary steps to address the situation and enhance security measures moving forward.
