Since the incident occurred, Infini's core business and user experience have not been affected. The company's payment card system, recharge, and withdrawal services are all operating normally, and user funds are secure.

Author: Infini

Infini officially issued a statement regarding the recent $50 million fund loss incident, confirming that it has taken legal action through the High Court of Hong Kong and has fully strengthened internal governance and security measures to ensure the safety of user assets and the stable operation of the platform. Infini emphasized that since the incident occurred, core business and user experience have not been affected, and the company's payment card system, recharge, and withdrawal services are all operating normally, with user funds secure.

Incident Progress and Legal Action

Infini has filed a lawsuit with the High Court of Hong Kong (case number HCA533/2025) and has sent court documents to the relevant addresses through on-chain information. The lawsuit is against BP SG Investment Holding Limited, a Hong Kong registered company wholly owned by Infini Labs.

According to legal documents, Infini's smart contract originally had multi-signature permissions to ensure the security of fund flows. However, in late February 2025, the company discovered that approximately 49,516,662.977 USDC of cryptocurrency assets had been transferred to multiple unknown wallet addresses without multi-signature approval.

Currently, Infini has taken the following legal measures:

· Applied to the court for an asset freeze order to prohibit the parties involved from transferring or disposing of the relevant funds;

· Requested the relevant wallet controllers to disclose their identities for further tracking of asset flows;

· Applied for permission for extraterritorial service to support legal actions across jurisdictions.

Cause of the Incident and Security Improvement Measures

Infini stated that the core reason for the incident lies in vulnerabilities in permission management. Although the company designed a multi-signature mechanism in the smart contract, certain operations may have retained special permissions, allowing funds to be transferred without formal approval. This incident reflects that as the scale of the enterprise expands and the complexity of asset management increases, technical security and governance mechanisms need continuous improvement.

In response to this situation, Infini is comprehensively upgrading its fund security management system, including:

· Redesigning the smart contract permission architecture to ensure no single point of failure risk;

· Strictly enforcing the multi-signature mechanism, requiring independent approval from multiple management personnel for all fund transfers;

· Introducing third-party security audit agencies to conduct in-depth reviews of all contract codes;

· Establishing a 24/7 on-chain monitoring system to detect and alert abnormal transactions in real-time;

· Completely separating user funds from company operating funds and entrusting them to professional asset custody institutions for management.

User Asset Security and Business Stability

Infini reiterates that this incident primarily affects the company's operating funds, and user deposit assets have not been impacted. The company's payment card system, recharge, and withdrawal services are all operating normally, and users can continue to use all services as usual.

Additionally, to further enhance user confidence, the company plans to launch a series of security and optimization measures, including:

· Further strengthening transaction security management and optimizing risk control processes;

· Increasing platform transparency by regularly publishing security governance and audit reports;

· Continuously optimizing the customer service system to ensure users can receive the latest information in a timely manner.

Industry Insights and Future Development

Infini believes that this incident exposes challenges in technical security and governance structures within the cryptocurrency industry, and companies must pay more attention to security architecture and risk control during rapid development. Key lessons include:

· Technical security and permission management need to be strengthened simultaneously to avoid potential risks from single control points;

· Key smart contracts must undergo strict independent audits by multiple parties to ensure system robustness;

· Risk monitoring and early warning mechanisms need continuous optimization to enhance the detection and response capabilities for abnormal transactions.

Infini is also actively promoting compliance connections with multiple jurisdictions worldwide and plans to complete payment license applications for major markets before the third quarter of 2025.

At the same time, the company is adjusting the management structure of its development team, with specific measures including:

· Strengthening the code review process to ensure that all key contracts are strictly verified before deployment;

· Clarifying development specifications to eliminate unauthorized permission settings and hidden functions;

· Establishing a risk management committee supervised by independent experts for important funding decisions.

Long-term Operations and User Commitment

Despite facing challenges, Infini will continue to execute its product roadmap and plans to launch support for Apple Pay and Google Pay in the second quarter of 2025 while expanding its global market coverage.

Infini stated that this incident will prompt the company to conduct a comprehensive upgrade in security and governance to ensure long-term stable operations and continuously provide users with safe and efficient cryptocurrency payment services.

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。