Crypto-focused neobank Infini has reportedly suffered a $49.5 million exploit, with stolen funds being swapped to DAI and used to purchase ETH.
CertiK first flagged suspicious activity on Feb. 24 at 3:18 am UTC, noting unauthorized transfers from an Infini-related contract on Ethereum (ETH). The hacker granted themselves special access to the account “0xc49b…” and was able to withdraw 49.5 million USD Coin (USDC).
We have seen suspicious transfers of funds from unverified contracts on Ethereum 0x9A79f4105A4e1A050Ba0b42F25351D394fA7E1DC
The receiver 0x3ac96134fb0e42a52d33045aee50b89790f05ed0 took ~$49.5M and is swapping them for Dai
Stay Vigilant! pic.twitter.com/MVXyn4fM9o
— CertiK Alert (@CertiKAlert) February 24, 2025
After that, the 49.5 million USDC that had been stolen was exchanged for Dai (DAI) and used to purchase 17,696 ETH. Lookonchain subsequently reported that the Ethereum was moved to a new wallet, “0xfcc8…6e49.”
Following the hack, Infini’s co-founder has assured customers that they would receive their funds back, claiming that the company could afford to pay compensate them. The entire scope of the incident and Infini’s recovery efforts have not yet been officially announced on the company’s website or social media accounts.
“Please rest assured that we will definitely compensate you and we can afford it.
But there are a lot of things to do right now, so I won’t spend any more time trying to calm you down.
I will make progress as soon as possible.
Please believe me and @Christianeth.”
@0xsexybanana, Infini co-founder
Since the breach seems to have been caused by a compromised private key rather than a protocol-level vulnerability, the incident raises questions regarding private key management and smart contract security.
Launched in 2024, Infini neobank positions itself as a link between traditional banking and cryptocurrency finance. A neobank is a digital-only financial institution that operates without any physical branches, offering banking services through mobile apps.
In addition to traditional banking services, Infini provides stablecoin transactions and yield-generating accounts. The platform has witnessed massive popularity since its inception, with a 500% monthly growth rate in active users, according to a Feb. 14 press release.
The Infini hack is the latest in a string of high-profile crypto security breaches. On Feb. 21, Bybit suffered a $1.4 billion exploit, making it one of the largest exchange hacks in history. A hacker manipulated smart contract logic to drain Bybit’s multisig cold wallet. The exchange is currently working with blockchain security firms to try and recover stolen assets and has launched a $140 million bounty.