CertiK Alert
CertiK Alert|Feb 24, 2025 14:43
#CertiKAIAgent Our alert system is running smoother than ever, now supercharged with AI! From exploit detection to incident analysis & report generation, the progress is undeniable. Dive into the 0xinfini attack analysis—powered by our AI assistant. Stay tuned for more AI-powered insights and our journey working with AI models!

🚨 Attack on 0xInfini Contract 🚨

On Feb 24, 2025, an attacker exploited the 0x9a79f4105a4e1a050ba0b42f25351d394fa7e1dc contract, draining ~50M. The admin account 0xc49b5e5b9da66b9126c1a62e9761e6b2147de3e1 was compromised, enabling unauthorized token redemptions.

🔑 Exploited Vulnerability:
Admin role misused to add attacker to whitelist
Attacker invoked the 0xcfda09ef() function to drain vault tokens
Admin role created a single point of failure

💰 Funds Laundered:
11.3M Resolv USDC → 11.4M USDC
35.6M USUALUSDC+ → 35.6M USDC
Swapped for 17,696 ETH

🛑 Root Cause:
Lack of role-based access control
Inadequate validation for token redemption

📊 Key Transactions:
Role granting to attacker (0xdb3a507855abc229610f443b06d0f0896e47e2654a76c6f3e37c6e265d1f42cd)
Whitelisting attacker address (0xb12b32f4543ff0df4a4024affc51b81b773fa9f6d0fd52f2b1f65d99f105bd86)
Token draining (0xacf84c5944f662a4fcf783806993d713a150994932008e72e4e47a58d6665f7f, 0xecb31ff694c0e6c5e5b225c261854c0749ecf5d53c698fcda61f2d8e3db8f9fc)

⚠️ Conclusion: The attack exploited admin privileges & improper access control. Security improvements needed!
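As an added example (not part of the CertiK post or its alert system), the chain the alert lists, a role grant, then whitelisting of the grantee, then large redemptions by that same address within a few blocks, written as a detection rule over decoded contract events; the event names, addresses, block numbers and amounts are constructed assumptions, not real chain data.

```python
from dataclasses import dataclass


@dataclass
class Event:
    """One decoded contract event (constructed for this example)."""
    block: int
    name: str      # "RoleGranted", "Whitelisted" or "Redeemed"
    actor: str     # account that sent the transaction
    subject: str   # account granted / whitelisted / redeeming
    amount: float = 0.0


# Constructed sample log, not real chain data. Blocks 100-103 mirror the
# alert's chain: admin grants a role, the grantee is whitelisted, then it
# redeems ~46.9M. Blocks 200-5001 are a benign grant that is whitelisted
# much later and redeems a small amount, and must not be flagged.
SAMPLE_EVENTS = [
    Event(100, "RoleGranted", "0xadmin", "0xattacker"),
    Event(101, "Whitelisted", "0xadmin", "0xattacker"),
    Event(102, "Redeemed", "0xattacker", "0xattacker", 11_300_000),
    Event(103, "Redeemed", "0xattacker", "0xattacker", 35_600_000),
    Event(200, "RoleGranted", "0xadmin", "0xtreasury"),
    Event(5000, "Whitelisted", "0xadmin", "0xtreasury"),
    Event(5001, "Redeemed", "0xtreasury", "0xtreasury", 1_000),
]


def find_escalation_drains(events, max_blocks=50, min_amount=1_000_000):
    """Return {address: total redeemed} for addresses that were granted a
    role, whitelisted, and then redeemed at least min_amount per call,
    all within max_blocks of the grant. A grant that is only used long
    afterwards, or only for small amounts, is not flagged."""
    granted_at = {}    # subject -> block of its RoleGranted event
    whitelisted = set()
    totals = {}
    for ev in sorted(events, key=lambda e: e.block):
        if ev.name == "RoleGranted":
            granted_at[ev.subject] = ev.block
        elif ev.name == "Whitelisted" and ev.subject in granted_at:
            if ev.block - granted_at[ev.subject] <= max_blocks:
                whitelisted.add(ev.subject)
        elif ev.name == "Redeemed" and ev.actor in whitelisted:
            if (ev.amount >= min_amount
                    and ev.block - granted_at[ev.actor] <= max_blocks):
                totals[ev.actor] = totals.get(ev.actor, 0.0) + ev.amount
    return totals


if __name__ == "__main__":
    for addr, total in find_escalation_drains(SAMPLE_EVENTS).items():
        print(f"ALERT: {addr} escalated and redeemed {total:,.0f}")
```

The rule keys on the same account appearing in all three steps close together, which is exactly what a single all-powerful admin role makes possible; splitting role administration, whitelisting and redemption across separate roles removes the one-account path the rule looks for.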