Hackers exploited the Infi Project, a Hong Kong stablecoin neobank, stealing $4.9M USDC via admin privileges. This follows a $1.46B Bybit hack tied to Lazarus Group, raising concerns over crypto security. Despite the breach, Infini Project assured users that transactions remain operational.
Infini: Runway Still Solid
The Hong Kong stablecoin neobank, Infini, confirmed on Feb. 24 that hackers breached its platform and investigations were underway. In a statement shared via X, the neobank said all transfers, deposits, withdrawals and payments remained in normal usage and working status.
Although the Infini statement did not share a figure of funds lost, blockchain security firm Cyvers put the value of stolen USDC stablecoins at $4.9 million. In an alert also shared via X, the security firm said the exploit was “due to an attacker abusing retained administrative privileges.”
“The attacker, operating from 0xc49b5e5b9da66b9126c1a62e9761e6b2147de3e1, had initially developed the contract as part of the Infini project. However, after project delivery, they secretly kept admin rights. After 100-plus days, the attacker funded their address via Tornado Cash, sent a small ETH transaction for gas, and exploited the contract—draining all funds,” Cyvers said in the post.
The attack on Infini comes less than 72 hours after alleged North Korea-backed hackers siphoned digital assets worth $1.46 billion from Bybit in what is being described as the biggest hack in history. As reported by Bitcoin.com News, Lazarus Group initially conducted test transactions to probe vulnerabilities, forged fraudulent transaction signatures before hijacking the exchange’s cold ethereum wallet during a routine transfer.
Since then, the hackers are believed to have cashed out digital assets worth over $140 million, but reports suggest that some of the hackers’ attempts have been blocked. The Bybit hack has once again shone a spotlight on the security systems used by centralized exchanges, which until recently appeared successful in repelling hackers.
The attack on Infini, which prides itself as a secure platform, has jolted cryptocurrency users who are still processing the massive Bybit breach. Reacting to Infini’s statement reassuring users, one social media user questioned why the stablecoin neobank is making promises when it has lost its entire total value locked (TVL).
“How is this possible if you just lost all of your TVL?” asked Samuel, an X user.
However, Infini reassured users it still has a solid runway to operate.
Source: Bitcoin
