Infini contract attack incident

ChainCatcher message, Infini has updated the progress of the hacking incident on platform X, disclosing that key information regarding the vulnerability has been identified and that the involved addresses are being monitored.

ChainCatcher message, stablecoin digital bank Infini founder Christian posted on social media, "I know hackers may be monitoring my tweets, so this is my sincere message: I have tried to show that there are still good and responsible people in this industry. I deeply regret my mistakes and will strive to do the right thing for my users.I hope there is a way to recover what we have lost, and I am willing to offer 20% of the stolen amount as a bounty, and I promise that if the funds are returned, I will not take legal action. Regardless, I will continue to love and support this industry."

ChainCatcher message, the stablecoin digital bank Infini announced that, "We are aware of reports regarding a security vulnerability affecting Infini. We sincerely apologize for the concerns this has caused, and the team is currently investigating and securing all systems around the clock.All transfers, deposits, withdrawals, and payments remain normal and operational."

ChainCatcher news, on the X platform, on-chain security analyst ZachXBT stated that in the attack incident involving the crypto payment company Infini, the stolen 50 million USDC was not fully cashed out within 40 minutes.However, Circle, the issuer of USDC, failed to respond promptly during this period, and its claimed "24/7 incident response team" did not intervene in a timely manner.

ChainCatcher message, according to Infini founder Christian's post on X, "Of the 50 million dollars stolen, seventy percent belongs to large friends I know personally. I have already communicated with each of them and will personally bear the possible losses and settle privately. The remaining funds will be reinvested into the infini vault before next Monday, and everything will continue as usual. The funds are ready, and I will respond to any withdrawal requests in the meantime, so please rest assured.I apologize for the need for some time to upgrade and restart the business; everything will proceed under the premise of ensuring the absolute safety of the funds."

ChainCatcher message, Infini founder Christian tweeted that since the theft, the total withdrawal requests have accumulated to $500,000, all of which have been responded to, and many wallets continue to deposit money.Currently, all product consumption and withdrawals are proceeding as usual, the only affected part is the wealth management section (because the contracts have been suspended and no further fund transfers are made to prevent secondary risks), which will require some time to propose and implement a more appropriate solution.

ChainCatcher message, according to Cyvers Alerts monitoring, the attack on Infini was due to hackers secretly retaining administrative privileges.The hackers operated from 0xc49b5e5b9da66b9126c1a62e9761e6b2147de3e1, which was originally developed as part of the Infini project for this contract. However, after the project was delivered, they secretly retained the admin privileges.

ChainCatcher message, Infini founder Christian stated in the community that withdrawals are currently normal, and personal funds will be used to cover first.

ChainCatcher message, Infini founder Christian tweeted: "A friend joked before that my journey has been too smooth, and I said I was always ready to face the first disaster. I didn't expect that after bybit, the next incident would be myself. The personal private key was not leaked; it was a negligence during the transfer of permissions. Ultimately, it is my own responsibility, and this has sounded the alarm. Currently, there are no issues with liquidity, and we can make full compensation. We are investigating the funds."