The founder of Infini, a stablecoin digital bank, Christian Li, has extended a 20% bounty offer to a hacker following a $49.5 million heist.
In a blockchain transaction, Li sent 0.1 ETH to the hacker’s wallet, acknowledging their skills in identifying vulnerabilities in Infini’s protocol.
The message reiterated the company’s offer: if the hacker returns the stolen funds, they can keep 20% as a bounty, with no legal repercussions.
This marks Infini’s second direct message to the hacker. The first message, sent on February 24, the day of the attack, warned that the company was monitoring the compromised wallet and set a 48-hour deadline for a response, threatening further investigation and possible law enforcement action.
Unauthorized transaction
This attack occurred shortly after Infini announced reaching $50 million in total value locked (TVL). Unauthorized transactions linked to an Infini-affiliated contract on Ethereum were identified by blockchain security firm CertiK.
- The attacker exploited a privileged account labeled “0xc49b…” to withdraw 49.5 million USD Coin (USDC), which was then converted to Dai (DAI) and used to purchase 17,696 Ethereum (ETH). The Ethereum was reportedly transferred to a different wallet identified as “0xfcc8…6e49.”
- Cybersecurity firm Cyvers attributed the incident to an insider threat: a developer who set up Infini’s smart contracts retained administrative rights and later used them to drain funds. The wallet used in the transfer had previously interacted with Tornado Cash, a cryptocurrency mixer known for obscuring transaction trails.
- This method of attack differentiates the Infini breach from other recent high-profile crypto heists, such as Bybit’s, which stemmed from weaknesses in wallet security rather than insider manipulation.
In the aftermath of the attack, Infini’s co-founder assured customers they would be reimbursed. Meanwhile, the company continues to negotiate with the hacker, hoping to recover some stolen funds through the bounty offer.
What you should know
Last month, crypto exchange Bybit fell victim to a “sophisticated attack,” resulting in the theft of Ethereum (ETH) valued at $1.4 billion from one of its offline wallets.
- The breach, described as the largest crypto heist in history, has sent shockwaves through the digital asset industry.
- In a livestream announcement, Bybit’s CEO and co-founder, Ben Zhou, disclosed that hackers stole approximately 401,346 ETH, valued at around $1.4 billion at the time of the theft.
Zhou explained on X that the hacker gained control of one of Bybit’s cold wallets—a type of digital wallet designed to store cryptocurrency offline and theoretically disconnected from the internet.
The stolen funds were then transferred to a “warm” wallet, which is connected to the internet.