This incident has heightened concerns about security in the cryptocurrency space.
Hacker Exploited Administrator Rights
According to Beosin Alert, the hack of Infini's contract resulted in the theft of approximately $49.5 million. The stolen USDC stablecoins were quickly converted into 17,696 ETH and transferred to an external wallet.
"It seems that the stablecoin bank @0xinfini was hacked and 49.5M $USDC was stolen.
The hacker swapped 49.5M $USDC for 49.5M $DAI and bought 17,696 $ETH.
The 17,696 $ETH was transferred to a new wallet "0xfcc8…6e49"."
— Christian explained in his statement.
Reports indicate that the attacker was initially involved in developing the contract for the Infini project. However, after completing the project, they secretly retained administrator rights. More than 100 days later, the hacker funded their address through the Tornado Cash mixer. They sent a small ETH transaction for gas and exploited the contract, draining all funds from the platform.
Following the incident, Infini founder Christian Li promised to investigate the situation. He also stated that users can withdraw funds normally and assured that the bank is capable of fully compensating for all lost assets.
"I was always prepared for something like this, but I didn't expect problems to arise right after Bybit… I made a mistake when transferring authority. It's my responsibility. This has become a wake-up call. There are no liquidity issues. Full compensation is possible, and the funds are being tracked," Christian explained in his statement.
Christian reported that the hacker's computer was found and handed over to the police. This incident is another high-profile attack in the decentralized finance (DeFi) sector, reigniting concerns about security vulnerabilities in the industry. It occurred shortly after the devastating attack on Bybit, which resulted in a loss of $1.46 billion.
Bybit Lost Over $6.7 Billion
Despite Bybit's actions in this situation receiving praise, the hack caused panic and a massive withdrawal of funds. Data from Arkham shows an outflow of over $6.7 billion.
The massive capital withdrawal from Bybit reflects growing concerns about the security of exchanges following previous collapses.
"Big difference in how you're handling this compared to with what we've seen in history with FTX, Mt Gox, and the likes. Reason why I put my money on Bybit.Professional team, not trying to stand out, not create enemies, just doing business and the ability to withstand attacks like this." crypto investor Astronomer said in a post.
Despite the massive withdrawals from Bybit, experts argue that the situation is significantly different from the collapse of FTX. AI and DeFi investor 0xJeff noted that Bybit's swift and competent response demonstrated the exchange's resilience. The actions of the Bybit team have reassured some investors, who noted a stark difference between Bybit and FTX, where management errors and internal fraud led to the collapse.
No corporate silence, no vague PR statements — just straightforward accountability. People rushed to withdraw their assets, and all withdrawals were processed as promised by Ben. Many thought it would be FTX 2.0, but instead, we got a masterclass in crisis management, communication, and execution, the investor noted.
