Overview of the Incident
Infini, a prepaid payments card issuer based in Hong Kong, has recently found itself at the center of a significant security breach, resulting in a loss of nearly $49.5 million from its wallets. This incident marks one of the most substantial exploits in the cryptocurrency sector, occurring just days after another major hack on Bybit, the second-largest cryptocurrency exchange, which saw nearly $1.5 billion siphoned from its ether cold wallet.
Details of the Exploit
According to cybersecurity firm Peckshield, the hacker was able to drain the majority of the value locked in Infini’s wallets, which had just reached a milestone of $50 million in total assets. Following the exploit, Infini issued a warning to the perpetrator through a blockchain transaction, stating they had gathered critical information regarding the hacker’s IP address and device details.
Efforts for Recovery
In a bid to resolve the situation amicably, Infini has offered the hacker 20% of the stolen assets in exchange for the return of the funds. The neobank has made it clear that they are closely monitoring the wallet associated with the attack and are prepared to take immediate action to freeze any stolen cryptocurrency. They have set a deadline of 48 hours for the hacker to respond, warning that failure to engage will lead them to escalate their investigation in cooperation with law enforcement agencies.
Underlying Issues Revealed
The exploit was reportedly facilitated by a developer who retained administrative rights over the smart contract used by Infini. After more than three months, this individual leveraged those rights to drain funds into a wallet linked to the cryptocurrency mixer Tornado Cash, complicating recovery efforts.
Company Response and Accountability
In light of this unfortunate event, Infini’s founder, Christian Li, has publicly committed to covering the entire loss with his personal funds, taking full responsibility for the breach. This pledge underscores the company’s dedication to its clients and to restoring trust after a significant setback.
Conclusion
As the cryptocurrency landscape continues to evolve, Infini’s experience serves as a stark reminder of the vulnerabilities that can exist within financial technology. The company’s proactive approach to handling the aftermath of this exploit highlights the importance of security measures and accountability in maintaining the integrity of digital finance.
