Infini Money Anonymous Developer Backdoor Vault Theft: Difference between revisions
(Created page with "{{Imported Case Study With About|source=https://www.quadrigainitiative.com/casestudy/infinimoneyanonymousdeveloperbackdoorvaulttheft.php}} {{Unattributed Sources}} thumb|Infini Money Logo/HomepageInfini Money, a crypto payment solution, suffered a major exploit when a rogue developer retained admin privileges and drained $49.5 million from the platform. The hacker used the access to steal USDC, swapped it for DAI, and laundered it through Tornad...") |
(COMPLETE 30 minutes. Reviewed, substantially improved, and sourced the introduction paragraph. Moved post-incident information from reality section to technical details. Added sources and fixed typos in the timeline. Added description for quote in immediate reactions section. Filling in more detailed information on losses and recovery. Spreading around the sources to different article sections. Completed an initial prevention section with policies for individuals, platforms, and regulators.) |
||
| Line 1: | Line 1: | ||
{{ | {{Case Study Under Construction}}{{Unattributed Sources}} | ||
{{Unattributed Sources}} | |||
[[File:Infinimoney.jpg|thumb|Infini Money Logo/Homepage]]Infini Money, a crypto payment solution, suffered a major exploit when a rogue developer | [[File:Infinimoney.jpg|thumb|Infini Money Logo/Homepage]]Infini Money, a crypto payment solution, suffered a major exploit when a rogue developer managed to retain admin privileges and later drain $49.5 million from the platform. The hacker used the access to steal USDC, swapped it for DAI, and laundered it through Tornado Cash. Infini's founder, Christian, acknowledged his mistake and pledging to cover the losses. He also offered a 20% bounty for the return of funds. The hacker ignored the offer. The Infini Money project continues to operate, though confidence has almost certainly been shaken. It appears that fund losses have been limited to the project investors. It appears that Christian remains on the hook for the loss personally.<ref name="rektnews-18167" /><ref name="infinioperationupdate-18176" /><ref name="firstthefttx-18177" /><ref name="secondthefttx-18178" /><ref name="infinitwitter-18179" /><ref name="transferwallets-18180" /> | ||
== About Infini Money == | == About Infini Money == | ||
Infini Money is a crypto payment solution designed for the masses, allowing users to make instant crypto payments globally with the Infini Card. It offers daily interest on balances, democratizing access to premium yield opportunities without requiring a physical card. Infini Card users can pay at over 100 million merchants worldwide, both online and offline, using their digital assets, with compatibility for platforms like Apple Pay, Google Pay, and AliPay. Infini emphasizes security, with audited smart contracts and a licensed custody partner, Cobo, ensuring asset protection. The service is globally accessible, free of monthly or annual fees, and includes a virtual card, with a physical card launching soon. | Infini Money is a crypto payment solution designed for the masses, allowing users to make instant crypto payments globally with the Infini Card<ref name="infinihomepage-18172" />. It offers daily interest on balances, democratizing access to premium yield opportunities without requiring a physical card<ref name="infinihomepage-18172" />. Infini Card users can pay at over 100 million merchants worldwide, both online and offline, using their digital assets, with compatibility for platforms like Apple Pay, Google Pay, and AliPay<ref name="infinihomepage-18172" />. Infini emphasizes security, with audited smart contracts and a licensed custody partner, Cobo, ensuring asset protection<ref name="infinihomepage-18172" />. The service is globally accessible, free of monthly or annual fees, and includes a virtual card, with a physical card launching soon<ref name="infinihomepage-18172" />. | ||
Homepage:<ref name="infinihomepage-18172" /> | |||
LinkTree:<ref name="infinilinktree-18171" /> | |||
== The Reality == | == The Reality == | ||
A complete lack of basic access control hygiene. No mandatory privilege transfers. No time-based access expirations. No multi-signature requirements for critical functions. | A complete lack of basic access control hygiene. No mandatory privilege transfers. No time-based access expirations. No multi-signature requirements for critical functions. | ||
| Line 22: | Line 23: | ||
|February 23rd, 2025 5:57:47 PM MST | |February 23rd, 2025 5:57:47 PM MST | ||
|Initial TornadoCash Withdrawal | |Initial TornadoCash Withdrawal | ||
|The attacker withdraws one ETH from TornadoCash. | |The attacker withdraws one ETH from TornadoCash<ref name="transfer1eth-18168" />. | ||
|- | |- | ||
|February 23rd, 2025 7:15:59 PM MST | |February 23rd, 2025 7:15:59 PM MST | ||
| Line 30: | Line 31: | ||
|February 23rd, 2025 8:40:59 PM MST | |February 23rd, 2025 8:40:59 PM MST | ||
|Funds To Second Address | |Funds To Second Address | ||
|Stolen funds start to be moved by the hacker to a second | |Stolen funds start to be moved by the hacker to a second Ethereum wallet address. | ||
|- | |- | ||
|February 23rd, 2025 8:44:00 PM MST | |February 23rd, 2025 8:44:00 PM MST | ||
|LookOnChain Tweet Made | |LookOnChain Tweet Made | ||
|LookOnChain first spotted the anomaly, “A newly created wallet spent 49.5M $DAI to buy 17,696 $ETH at $2,798 in the past hour.” | |LookOnChain first spotted the anomaly, “A newly created wallet spent 49.5M $DAI to buy 17,696 $ETH at $2,798 in the past hour.”<ref name="lookonchaintweet-18169" /> | ||
|- | |- | ||
|February 23rd, 2025 8:53:00 PM MST | |February 23rd, 2025 8:53:00 PM MST | ||
|yieldsandmore Announcement | |yieldsandmore Announcement | ||
|yieldsandmore posts an announcement on Twitter/X where they believe that the Infini smart contract address was hacked into a tornado-sourced address. | |yieldsandmore posts an announcement on Twitter/X where they believe that the Infini smart contract address was hacked into a tornado-sourced address<ref name="yieldsandmoretweet-18170" />. | ||
|- | |- | ||
|February 23rd, 2025 9:48:00 PM MST | |February 23rd, 2025 9:48:00 PM MST | ||
|Christian Post On Twitter/X | |Christian Post On Twitter/X | ||
|Christian posts on Twitter about the recent security issue, reflecting on a previous comment made by a friend about how smooth his journey has been. He admits that after the incident with Bybit, the next issue came unexpectedly from his own situation. Christian clarifies that his private key was not compromised, but a mistake occurred during the delegation of permissions, ultimately making it his responsibility. He expresses gratitude for the support from friends, assures that liquidity is not a problem, and promises full compensation while investigating the funds. He apologizes for causing worry and acknowledges that rebuilding trust will be challenging, but they won't give up. | |Christian posts on Twitter about the recent security issue, reflecting on a previous comment made by a friend about how smooth his journey has been<ref name="infinichristiantweet-18173" />. He admits that after the incident with Bybit, the next issue came unexpectedly from his own situation<ref name="infinichristiantweet-18173" />. Christian clarifies that his private key was not compromised, but a mistake occurred during the delegation of permissions, ultimately making it his responsibility<ref name="infinichristiantweet-18173" />. He expresses gratitude for the support from friends, assures that liquidity is not a problem, and promises full compensation while investigating the funds<ref name="infinichristiantweet-18173" />. He apologizes for causing worry and acknowledges that rebuilding trust will be challenging, but they won't give up<ref name="infinichristiantweet-18173" />. | ||
|- | |- | ||
|February 24th, 2025 3:36:00 AM MST | |February 24th, 2025 3:36:00 AM MST | ||
|Infini Releases Statement | |Infini Releases Statement | ||
|Infini releases a statement on Twitter/X addressing reports of a security breach. They express regret for the concern caused and assure users that their team is actively investigating and securing all systems. The company confirms that all transfers, deposits, withdrawals, and payments are functioning normally. Despite the issue, Infini reaffirms its commitment to its vision of becoming a crypto neo bank and encourages continued progress. | |Infini releases a statement on Twitter/X addressing reports of a security breach<ref name="infinitwitternote-18174" />. They express regret for the concern caused and assure users that their team is actively investigating and securing all systems<ref name="infinitwitternote-18174" />. The company confirms that all transfers, deposits, withdrawals, and payments are functioning normally<ref name="infinitwitternote-18174" />. Despite the issue, Infini reaffirms its commitment to its vision of becoming a crypto neo bank and encourages continued progress<ref name="infinitwitternote-18174" />. | ||
|- | |- | ||
|February 24th, 2025 7:22:00 AM MST | |February 24th, 2025 7:22:00 AM MST | ||
|Bounty Offered To Hacker | |Bounty Offered To Hacker | ||
|The Infini team offers the hacker a 20% bounty in exchange for not pursuing further. They claim to have "critical IP and device information" regarding the exploit. | |The Infini team offers the hacker a 20% bounty in exchange for not pursuing further<ref name="infinitwitteroffer-18175" />. They claim to have "critical IP and device information" regarding the exploit<ref name="infinitwitteroffer-18175" />. | ||
|- | |- | ||
|February 25th, 2025 7:58:00 AM MST | |February 25th, 2025 7:58:00 AM MST | ||
|Fund And Operation Update | |Fund And Operation Update | ||
|Infini shares an update with their community regarding the status of funds and operations. They confirm that Infini's funds are securely stored in the Cobo Custodian Wallet. All Infini Card functions, including transfers, deposits, withdrawals, and payments, remain fully operational. The team is focused on securing the Infini Earn feature, with an estimated 3-4 week timeline to resolve the issue, during which yield distribution will be paused. Infini is actively working with legal authorities and the @SlowMist_Team on the investigation, with progress being made. They thank the community for their patience and support, emphasizing that tough times don't last, but tough people do. | |Infini shares an update with their community regarding the status of funds and operations<ref name="infinioperationupdate-18176" />. They confirm that Infini's funds are securely stored in the Cobo Custodian Wallet. All Infini Card functions, including transfers, deposits, withdrawals, and payments, remain fully operational<ref name="infinioperationupdate-18176" />. The team is focused on securing the Infini Earn feature, with an estimated 3-4 week timeline to resolve the issue, during which yield distribution will be paused<ref name="infinioperationupdate-18176" />. Infini is actively working with legal authorities and the @SlowMist_Team on the investigation, with progress being made<ref name="infinioperationupdate-18176" />. They thank the community for their patience and support, emphasizing that tough times don't last, but tough people do. | ||
|} | |} | ||
== Technical Details == | == Technical Details == | ||
The Infini situation ended in a major exploit where the platform lost $49.5 million due to a rogue developer who maintained admin privileges after completing their work. The hacker, who had patiently waited for months, drained funds from Infini’s vault using privileged access, then laundered the stolen funds through Tornado Cash, converting them to ETH. | The Infini situation ended in a major exploit where the platform lost $49.5 million due to a rogue developer who maintained admin privileges after completing their work. The hacker, who had patiently waited for months, drained funds from Infini’s vault using privileged access, then laundered the stolen funds through Tornado Cash, converting them to ETH. | ||
Beneath the technical jargon and blockchain complexity lies a disappointingly simple truth about Infini's collapse. | |||
"Just blind trust in a faceless developer who built a backdoor, bided their time, and struck when the vault was fattest." | "Just blind trust in a faceless developer who built a backdoor, bided their time, and struck when the vault was fattest." | ||
| Line 68: | Line 71: | ||
== Immediate Reactions == | == Immediate Reactions == | ||
"A friend once joked that I had been having too smooth sailing along the way. I said that I was always ready for the first disaster, but I didn’t expect that I would be the one to run into trouble right after bybit. | Translated from a post originally made by Infini's founder Christian<ref name="infinichristiantweet-18173" />:<blockquote>"A friend once joked that I had been having too smooth sailing along the way. I said that I was always ready for the first disaster, but I didn’t expect that I would be the one to run into trouble right after bybit. | ||
My personal private key has not been leaked, so there is no need to worry too much. I was negligent when transferring the authority before. It is ultimately my responsibility. This has sounded the alarm. | My personal private key has not been leaked, so there is no need to worry too much. I was negligent when transferring the authority before. It is ultimately my responsibility. This has sounded the alarm. | ||
| Line 74: | Line 77: | ||
Thank you friends for your voice and support. There is no problem with liquidity. Full compensation can be paid and the funds are being traced. | Thank you friends for your voice and support. There is no problem with liquidity. Full compensation can be paid and the funds are being traced. | ||
I'm sorry to have worried everyone who trusted us. I know rebuilding trust will be a difficult process, but we won't give up." | I'm sorry to have worried everyone who trusted us. I know rebuilding trust will be a difficult process, but we won't give up."</blockquote> | ||
== Ultimate Outcome == | == Ultimate Outcome == | ||
Infini's founder, Christian, acknowledged his mistake in transferring authority to the developer and pledged to personally cover the losses, especially for significant investors. Despite his efforts, including offering 20% of the stolen amount for the return of funds, the situation ended in a loss for Infini. Many lessons have been highlighted including the importance of proper access control and security protocols. Industry analysts note a hard lesson about the risks of placing too much trust in developers. | Infini's founder, Christian, acknowledged his mistake in transferring authority to the developer and pledged to personally cover the losses, especially for significant investors<ref name="infinichristiantweet-18173" />. Despite his efforts, including offering 20% of the stolen amount for the return of funds<ref name="infinitwitteroffer-18175" />, the situation ended in a loss for Infini. Many lessons have been highlighted including the importance of proper access control and security protocols. Industry analysts note a hard lesson about the risks of placing too much trust in developers. | ||
== Total Amount Recovered == | == Total Amount Recovered == | ||
All funds lost have reportedly been investor funds. There are no reported user losses. | |||
There do not appear to have been any funds yet recovered from the hacker in this case. | |||
== Ongoing Developments == | == Ongoing Developments == | ||
The hacker continues to move and swap funds around, and appears to have no intention of engaging with the bounty offered. | The hacker continues to move and swap funds around, and appears to have no intention of engaging with the bounty offered. | ||
== Individual Prevention Policies == | == Individual Prevention Policies == | ||
{{Prevention:Individuals: | {{Prevention:Individuals:No Individual Funds Lost}} | ||
{{Prevention:Individuals:Safe Smart Contract Usage}} | |||
{{Prevention:Individuals:End}} | {{Prevention:Individuals:End}} | ||
== Platform Prevention Policies == | == Platform Prevention Policies == | ||
{{Prevention:Platforms: | {{Prevention:Platforms:Regular Audit Procedures}} | ||
{{Prevention:Platforms:Establish Industry Insurance Fund}} | |||
{{Prevention:Platforms:End}} | {{Prevention:Platforms:End}} | ||
== Regulatory Prevention Policies == | == Regulatory Prevention Policies == | ||
{{Prevention:Regulators: | {{Prevention:Regulators:Platform Security Assessments}} | ||
{{Prevention:Regulators:Establish Industry Insurance Fund}} | |||
{{Prevention:Regulators:End}} | {{Prevention:Regulators:End}} | ||
Latest revision as of 18:42, 5 March 2025
Notice: This page is a new case study and some aspects have not been fully researched. Some sections may be incomplete or reflect inaccuracies present in initial sources. Please check the References at the bottom for further information and perform your own additional assessment. Please feel free to contribute by adding any missing information or sources you come across. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.
Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!
Infini Money, a crypto payment solution, suffered a major exploit when a rogue developer managed to retain admin privileges and later drain $49.5 million from the platform. The hacker used the access to steal USDC, swapped it for DAI, and laundered it through Tornado Cash. Infini's founder, Christian, acknowledged his mistake and pledging to cover the losses. He also offered a 20% bounty for the return of funds. The hacker ignored the offer. The Infini Money project continues to operate, though confidence has almost certainly been shaken. It appears that fund losses have been limited to the project investors. It appears that Christian remains on the hook for the loss personally.[1][2][3][4][5][6]
About Infini Money
Infini Money is a crypto payment solution designed for the masses, allowing users to make instant crypto payments globally with the Infini Card[7]. It offers daily interest on balances, democratizing access to premium yield opportunities without requiring a physical card[7]. Infini Card users can pay at over 100 million merchants worldwide, both online and offline, using their digital assets, with compatibility for platforms like Apple Pay, Google Pay, and AliPay[7]. Infini emphasizes security, with audited smart contracts and a licensed custody partner, Cobo, ensuring asset protection[7]. The service is globally accessible, free of monthly or annual fees, and includes a virtual card, with a physical card launching soon[7].
Homepage:[7]
LinkTree:[8]
The Reality
A complete lack of basic access control hygiene. No mandatory privilege transfers. No time-based access expirations. No multi-signature requirements for critical functions.
What Happened
An anonymous developer who helped to develop the Infini smart contract appears to have retained control, and used this control to withdraw $49.5m USDC of investor funds from the smart contract.
| Date | Event | Description |
|---|---|---|
| February 23rd, 2025 5:57:47 PM MST | Initial TornadoCash Withdrawal | The attacker withdraws one ETH from TornadoCash[9]. |
| February 23rd, 2025 7:15:59 PM MST | Both Theft Transactions | The first theft transaction steals 11,455,666.712564 USDC from the smart contract. The second theft transaction (in the same block) steals 38,060,996.264534 USDC from the smart contract. In the same block, the 49516662.977098 USDC is swapped for 49,516,662.977 DAI. |
| February 23rd, 2025 8:40:59 PM MST | Funds To Second Address | Stolen funds start to be moved by the hacker to a second Ethereum wallet address. |
| February 23rd, 2025 8:44:00 PM MST | LookOnChain Tweet Made | LookOnChain first spotted the anomaly, “A newly created wallet spent 49.5M $DAI to buy 17,696 $ETH at $2,798 in the past hour.”[10] |
| February 23rd, 2025 8:53:00 PM MST | yieldsandmore Announcement | yieldsandmore posts an announcement on Twitter/X where they believe that the Infini smart contract address was hacked into a tornado-sourced address[11]. |
| February 23rd, 2025 9:48:00 PM MST | Christian Post On Twitter/X | Christian posts on Twitter about the recent security issue, reflecting on a previous comment made by a friend about how smooth his journey has been[12]. He admits that after the incident with Bybit, the next issue came unexpectedly from his own situation[12]. Christian clarifies that his private key was not compromised, but a mistake occurred during the delegation of permissions, ultimately making it his responsibility[12]. He expresses gratitude for the support from friends, assures that liquidity is not a problem, and promises full compensation while investigating the funds[12]. He apologizes for causing worry and acknowledges that rebuilding trust will be challenging, but they won't give up[12]. |
| February 24th, 2025 3:36:00 AM MST | Infini Releases Statement | Infini releases a statement on Twitter/X addressing reports of a security breach[13]. They express regret for the concern caused and assure users that their team is actively investigating and securing all systems[13]. The company confirms that all transfers, deposits, withdrawals, and payments are functioning normally[13]. Despite the issue, Infini reaffirms its commitment to its vision of becoming a crypto neo bank and encourages continued progress[13]. |
| February 24th, 2025 7:22:00 AM MST | Bounty Offered To Hacker | The Infini team offers the hacker a 20% bounty in exchange for not pursuing further[14]. They claim to have "critical IP and device information" regarding the exploit[14]. |
| February 25th, 2025 7:58:00 AM MST | Fund And Operation Update | Infini shares an update with their community regarding the status of funds and operations[2]. They confirm that Infini's funds are securely stored in the Cobo Custodian Wallet. All Infini Card functions, including transfers, deposits, withdrawals, and payments, remain fully operational[2]. The team is focused on securing the Infini Earn feature, with an estimated 3-4 week timeline to resolve the issue, during which yield distribution will be paused[2]. Infini is actively working with legal authorities and the @SlowMist_Team on the investigation, with progress being made[2]. They thank the community for their patience and support, emphasizing that tough times don't last, but tough people do. |
Technical Details
The Infini situation ended in a major exploit where the platform lost $49.5 million due to a rogue developer who maintained admin privileges after completing their work. The hacker, who had patiently waited for months, drained funds from Infini’s vault using privileged access, then laundered the stolen funds through Tornado Cash, converting them to ETH.
Beneath the technical jargon and blockchain complexity lies a disappointingly simple truth about Infini's collapse.
"Just blind trust in a faceless developer who built a backdoor, bided their time, and struck when the vault was fattest."
Total Amount Lost
11,455,666.712564 + 38,060,996.264534 = 49516662.977098 or 49517k USDC
The total amount lost has been estimated at $49,517,000 USD.
Immediate Reactions
Translated from a post originally made by Infini's founder Christian[12]:
"A friend once joked that I had been having too smooth sailing along the way. I said that I was always ready for the first disaster, but I didn’t expect that I would be the one to run into trouble right after bybit.
My personal private key has not been leaked, so there is no need to worry too much. I was negligent when transferring the authority before. It is ultimately my responsibility. This has sounded the alarm.
Thank you friends for your voice and support. There is no problem with liquidity. Full compensation can be paid and the funds are being traced.
I'm sorry to have worried everyone who trusted us. I know rebuilding trust will be a difficult process, but we won't give up."
Ultimate Outcome
Infini's founder, Christian, acknowledged his mistake in transferring authority to the developer and pledged to personally cover the losses, especially for significant investors[12]. Despite his efforts, including offering 20% of the stolen amount for the return of funds[14], the situation ended in a loss for Infini. Many lessons have been highlighted including the importance of proper access control and security protocols. Industry analysts note a hard lesson about the risks of placing too much trust in developers.
Total Amount Recovered
All funds lost have reportedly been investor funds. There are no reported user losses.
There do not appear to have been any funds yet recovered from the hacker in this case.
Ongoing Developments
The hacker continues to move and swap funds around, and appears to have no intention of engaging with the bounty offered.
Individual Prevention Policies
This case does not appear to have resulted in a loss to any individual.
Avoid the use of smart contracts unless necessary. Minimize the level of exposure by removing or withdrawing assets whenever possible. Aim to choose smart contracts which have obtained third party security audits, preferably having been audited by at least three separate reputable firms. Pay attention to the audit reports, which smart contracts are covered, and whether the smart contract has been upgraded or modified since the report. Ensure that any administrative functions with the ability to remove funds from the smart contract are under the authority of a multi-signature wallet which is controlled by at least three separate and reputable entities.
For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.
Platform Prevention Policies
All aspects of any platform should undergo a regular validation/inspection by experts. This validation should include a security audit of any smart contracts, reporting any risks to the backing (of any customer assets, ensuring treasuries or minting functions are properly secured under the control of a multi-signature wallet, and finding any inadequacies in the level of training or integrity of the team. The recommended interval is twice prior to launch or significant system upgrade, once after 3 months, and every 6 months thereafter. It is recommended that the third party performing the inspection not be repeated within a 14 month period.
Work with other industry platforms to set up a multi-signature wallet with private keys held separately by delegate signatories from seven prominent platforms and services within the industry. Establish requirements for contributions by all platforms and services, designed to be affordable for small platforms yet large enough to cover anticipated breach events. Any breach event can be brought forth by a member platform or a petition of 100 signatures for consideration by the delegate signatories. A vote of 4 or more delegate signatures is required to release any funds, which could partially or fully restore lost funds based on their assessment.
For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.
Regulatory Prevention Policies
All platforms should undergo published security and risk assessments by independent third parties. Two assessments are required at founding or major upgrade, one after 3 months, and one every 6 months thereafter. The third parties must not repeat within the past 14 months. A risk assessment needs to include what assets back customer deposits and the risk of default from any third parties being lent to. The security assessment must include ensuring a proper multi-signature wallet, and that all signatories are properly trained. Assessments must be performed on social media, databases, and DNS security.
Set up a multi-signature wallet with private keys held separately by delegate signatories from seven prominent platforms and services within the industry. Establish requirements for contributions by all platforms and services within the country, designed to be affordable for small platforms yet large enough to cover anticipated breach events. Any breach event can be brought forth by a member platform or a petition of 100 signatures for consideration by the delegate signatories. A vote of 4 or more delegate signatures is required to release any funds, which could partially or fully restore lost funds based on their assessment.
For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.
References
- ↑ Rekt - Infini - Rekt (Accessed Feb 28, 2025)
- ↑ 2.0 2.1 2.2 2.3 2.4 Infini Money - "All Infini Card functions—transfers, deposits, withdrawals, and payments—are fully operational." - Twitter/X (Accessed Mar 3, 2025)
- ↑ Transfer Of 11,455,666.712564 USDC From Infini To Hacker (Accessed Mar 3, 2025)
- ↑ Transfer Of 38,060,996.264534 USDC From Infini To Hacker (Accessed Mar 3, 2025)
- ↑ 0xInfini Twitter (Accessed Mar 3, 2025)
- ↑ Transfering ETH Funds To New Wallet By Hacker (Accessed Mar 3, 2025)
- ↑ 7.0 7.1 7.2 7.3 7.4 7.5 Infini Money Homepage (Accessed Mar 3, 2025)
- ↑ Infini Linktree (Accessed Mar 3, 2025)
- ↑ Transfer Of 1 ETH From TornadoCash To Hacker (Accessed Mar 3, 2025)
- ↑ LookOnChain - "A newly created wallet spent 49.5M $DAI to buy 17,696 $ETH at $2,798 in the past hour." - Twitter/X (Accessed Mar 3, 2025)
- ↑ yieldsandmore - "Seems like $50m of @0xinfini Earn Funds just got hacked, into Torn-sourced addy 0x3ac96134fb0e42a52d33045aee50b89790f05ed0. Funds were taken from Morpho MEVCapital Usual USDC Vault." - Twitter/X (Accessed Mar 3, 2025)
- ↑ 12.0 12.1 12.2 12.3 12.4 12.5 12.6 Christian - "A friend once joked that I had been having too smooth sailing along the way. I said that I was always ready for the first disaster, but I didn’t expect that I would be the one to run into trouble right after bybit." - Twitter/X Translation (Accessed Mar 3, 2025)
- ↑ 13.0 13.1 13.2 13.3 Infini Money - "We're aware of reports on a security compromise affecting Infini. We're deeply sorry for the concern this causes - our team is working around the clock to investigate and secure all systems at the moment." - Twitter/X (Accessed Mar 3, 2025)
- ↑ 14.0 14.1 14.2 Infini Money - "We’ve identified critical info regarding the exploit and we’re monitoring involved addresses." - Twitter/X (Accessed Mar 3, 2025)