Christian Li, founder of Stablecoin Digital Bank Infini, left a separate message to hackers on a blockchain transaction, reviving a white hat deal and 20% of stolen funds.
Lee moved 0.1 ETH to the hacker’s address. The hacker’s address was responsible for stealing $49.5 million from Infini’s wallet. In the message that comes with the deal, Christian recognized the hacker’s skills in identifying vulnerabilities in Neobank’s protocol, proposed a white hat deal, and offered 20% of the assets stolen by the hacker as a prize. Additionally, he assured the hackers that legal action would not be taken if they were returned in compliance with the funds.
Source: Etherscan
This is the second message Infini sent a hacker in a blockchain transaction. On February 24, when the hack occurred, Infini warned the hackers, saying it was monitoring the address in question, and was ready to steal stolen funds if necessary. They also said they would provide a 20% prize money for the return of stolen assets and give hackers a 48-hour response, otherwise it would lead to ongoing investigations with law enforcement.
Important Update:
We identify important information about the exploit and monitor the relevant addresses. pic.twitter.com/xqzwryg4cs
– Infini (@0xinfini) February 24, 2025
You might like it too: Is the functional tornado cash developer guilty?
The hacker stole $49.5 million from Infini’s wallet. A few days before the hack, Infini announced it had reached a locked $50 million total of $50 million.
Certik first identified suspicious activity on February 24th, noting the unauthorized transfers from Infni-related contracts regarding Ethereum. The hacker has gained special access to the account “0xc49b…” and withdrawn the USD 49.5 million coins (USDC). The stolen funds were exchanged for DAI (DAI) and used to purchase 17,696 Ethereum (ETH). LookonChain later reported that Ethereum had moved to a new wallet called “0xfcc8…6e49.” Following the hack, Infini’s co-founders have assured customers that they will be refunded.
According to Cyvers, the exploit occurred because the developer who helped set up the smart contract retained the administrator’s rights. Three months later, the developers used these rights to drain the funds into a wallet funded through Crypto mixer Tornado Cash. So, the violation appears to have been caused by a compromised private key, as in contrast to a vulnerability in the wallet infrastructure, as in the case of Bybit hacks.
Alert🚨Today, @0xinfini received a $409 million USDC exploit for abuse of retained administrative privileges by the attacker.
The attacker, running from 0xC49B5B9DA66B9126C1A62E9761E6B2147DE3E1, first developed the contract as part of the INFINI project. However, afterwards…pic.twitter.com/olguoyncjr
– 🚨Cyber Alerts🚨 (@cyversalerts) February 24, 2025
You might like it too: Infini Neobank reportedly suffers from a $49.5 million hack
Discover more from Earlybirds Invest
Subscribe to get the latest posts sent to your email.
