Author: Infini
On February 24, 2025, around 10:24 AM Beijing time, Infini detected abnormal capital flows. Hackers stole funds through an attack and transferred them to the address 0x3ac96134fb0e42a52d33045aee50b89790f05ed0. Subsequently, the attackers quickly converted assets worth approximately $49.5 million into DAI and ETH, and further transferred the exchanged ETH to the address 0xfcc8ad911976d752890f2140d9f4edd2c64a6e49.
After the incident, the Infini team took emergency response measures immediately, including:
Conducting an in-depth investigation, tracking the flow of funds, and coordinating with security agencies and relevant partners.
Proactively contacting affected customers, informing them of the situation truthfully, and ensuring their rights are not affected.
Urgently reallocating funds to ensure that all customer withdrawal requests can be processed normally.
As of February 26, 2025, 6:00 PM Beijing time, the stolen funds remain at the above address, with no further transfer signs. The Infini platform is operating normally, and all customer withdrawal requests have been fully met. The security team is continuously tracking the flow of funds and cooperating with all parties to recover losses to the best of their ability.
Infini Incident Timeline
Due to Infini's comprehensive internal fund monitoring system, the team responded quickly after the incident, minimizing losses and impacts:
30 Minutes After the Incident
· The Infini internal team detected abnormal capital flows immediately, quickly identified the suspect account, and tracked the attack path based on on-chain data.
1 Hour After the Incident
· Project founder Christian and co-founder Christine promised full compensation on major social media and user communities, ensuring user asset security.
· The team quickly allocated $5 million of its own funds to the Cobo wallet to ensure timely responses to all user withdrawal requests.
· The blockchain security company SlowMist intervened in the investigation and confirmed that the attacker possessed a high level of technical skill, initially assessing the attack method.
2 Hours After the Incident
· Founder Christian publicly stated that the incident was not due to a personal key leak, but rather negligence during the transfer of permissions, and reiterated the commitment to full compensation.
6 Hours After the Incident
· On-chain security analyst ZachXBT posted on X platform, pointing out that the stolen funds had not been fully cashed out within 40 minutes, while questioning the USDC issuer Circle for not intervening in a timely manner.
· Cyvers Alerts monitoring indicated that the hacker exploited historical permission management vulnerabilities, secretly retained contract administrator permissions, and initiated the attack.
12 Hours After the Incident
· Infini officially made a public proposal to the hacker, offering a 20% bounty in exchange for the return of the stolen funds.
24 Hours After the Incident
· Over 98% of affected users have completed communication, and all user withdrawal requests have been responded to.
48 Hours After the Incident
· The Infini team continued to optimize security measures, concentrating core funds into the most secure Cobo wallet, ensuring that payment, transfer, withdrawal, and other operations are functioning normally.
· Internal emergency response continued, with team members analyzing on-chain data overnight, closely cooperating with security companies and judicial institutions to ensure smooth progress of the investigation.
· Currently, Infini is actively assisting the police and collaborating with the blockchain security company SlowMist to conduct judicial investigations and on-chain fund tracking, with significant progress already made. Infini will provide a complete report and explanation of the incident to the community after the investigation is completed.
Latest Developments and Future Plans for Infini
It is worth noting that despite the attack, Infini's core product functions have remained operational and R&D and operational work have not been affected:
· The release of the physical card supporting Apple Pay is still progressing as planned.
· The daily yield mechanism is expected to be optimized within the next 3-4 weeks, ensuring that the yield portion meets the highest security standards.
· On-chain data shows that although some TVL fluctuated after the incident, the trend of new deposit addresses (new users) is stable, and the market remains confident in Infini.
· Community support for Infini is high, with minimal negative voices on social media, and community members generally recognize the team's response measures and handling plans.
Special Thanks
In this incident, Infini received extensive support and goodwill from both within and outside the industry. Du Jun, co-founder of ABCDE, expressed willingness to provide $5 million to $10 million in funding support to help ensure the stable operation of the Infini platform. Additionally, several industry KOLs publicly voiced their support for Infini, praising its transparency and response capabilities during the crisis.
Infini sincerely thanks for this support, especially the understanding and support from the community, users, and industry partners. The team promises to continue to do its utmost to ensure the platform's security and stability and to provide users with higher quality financial services.
免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。
