Hackers Drain $49 Million in USDC from Infini
Hong Kong-based stablecoin neobank Infini was exploited for $49 million, marking one of the largest crypto hacks of 2025.
According to security firms Cyvers and Blocksec, the attacker manipulated a smart contract linked to Infini, withdrawing $49 million in USDC. The stolen funds were then converted to ETH and funneled through Tornado Cash—a privacy tool often used by hackers.
How the Exploit Happened
Cyvers confirmed that the attacker abused administrative privileges on the contract address (0x9A7), allowing them to drain funds.
According to Infini’s founder, Christian, the breach did not result from a private key leak but rather from an overlooked security loophole.
Company Response and User Compensation
Infini has acknowledged the incident, stating:
"We’re deeply sorry for the concern this causes—our team is working around the clock to investigate and secure all systems."
The company assured users that it still maintains sufficient liquidity and that affected customers will be compensated.
This exploit follows the $1.4 billion Bybit hack just days earlier, highlighting the ongoing vulnerabilities in the crypto sector.
