The theft went down methodically. First, the attacker funded their wallet through Tornado Cash. Privacy matters when you’re stealing millions, right? Then, two massive withdrawals: 11.4 million USDC followed by 38 million USDC. The funds quickly transformed into DAI, then into 17,696 ETH. Digital alchemy at its finest.
What’s raising eyebrows? This wasn’t some random exploit. The attack came from an address linked to an original contract developer. More than 100 days passed between project completion and the hack. Talk about playing the long game. Security firm Cyvers connected the dots, triggering questions about potential North Korean involvement. Because who else would wait that long for a payday?
Christian Li, Infini’s founder, admitted dropping the ball on authority transfer protocols. Oops. He promised users would be made whole and assured everyone withdrawals were functioning normally. Sure, nothing to see here except millions walking out the digital door. Users might have been better protected if they’d kept their assets in hardware wallets rather than on the platform.
The market reacted predictably. Ethereum dipped 2% to $2,685, while Bitcoin shed 1% to $96,632. Coming just days after Bybit’s $1.4 billion hack, traders were understandably jittery. The community is drawing parallels to the Bybit incident where hackers exploited a planned transfer operation to compromise cold wallet security. DeFi security seems about as reliable as a paper umbrella in a hurricane.
This incident exposes the dangers of sloppy access management in crypto projects. When developers leave, their access should leave with them. Security experts recommend implementing zero-trust security mechanisms to prevent similar breaches in the future. Private key management matters.
The industry responded with the usual post-hack rituals—blockchain security firms tracing funds, calls for better protocols, recommendations for “zero-trust” mechanisms. Maybe next time, they’ll remember to change the locks when employees leave.
