- Infini stablecoin bank lost $49.5M in USDC after a rogue developer exploited admin privileges.
- The attacker swapped USDC for ETH and moved funds through an external wallet.
- Bybit’s $1.46B hack triggered a $6.7B withdrawal wave, sparking renewed concerns over crypto security.
- Calls for stronger DeFi protections grow as industry leaders debate ways to prevent future breaches.
Crypto’s security crisis continues. Just days after the $1.46 billion Bybit hack, stablecoin bank Infini has suffered a $49.5 million loss—this time, reportedly due to an insider exploit.
The @0xinfini contract was attacked, resulting in an estimated loss of $49.5 million. The stolen USDC has now been fully converted into 17,696 ETH and is currently transferred to 0xfcC8Ad911976d752890f2140D9F4edd2c64a6e49.
We will continue to monitor this incident.— Beosin Alert (@BeosinAlert) February 24, 2025
According to Beosin Alert, a former developer who helped build Infini’s smart contract retained admin privileges after handing over the project. More than 100 days later, they used Tornado Cash to fund their wallet, covered gas fees with a small ETH transfer, and drained the entire platform.
How the Exploit Happened
Blockchain security firm Lookonchain confirmed that the attacker swapped the stolen USDC for 17,696 ETH and sent it to an external wallet.
It seems that the stablecoin bank @0xinfini was hacked and 49.5M $USDC was stolen.
The hacker swapped 49.5M $USDC for 49.5M $DAI and bought 17,696 $ETH.
The 17,696 $ETH was transferred to a new wallet “0xfcc8…6e49”.https://t.co/AdAyB3q5LA pic.twitter.com/Rft6ZDtDWO
— Lookonchain (@lookonchain) February 24, 2025
“It seems Infini was hacked, and $49.5M USDC was stolen,” Lookonchain reported. “The hacker swapped USDC for DAI, bought ETH, and moved it to a new address.”
Infini’s founder, Christian Li, took full responsibility for the security oversight, admitting that he failed to revoke the developer’s admin rights before launch.
之前有朋友开玩笑说我这一路也太顺风顺水了,我说已经时刻做好了迎接第一个劫的准备,没想到在bybit之后紧接出事的是自己。
我的个人私钥没有泄漏,不用过度担心,是之前转交权限的时候有疏忽,归根结底是我的责任,这次敲醒了警钟。… https://t.co/7pHxtwD2ZV
— Christian (Building @0xinfini) (@Christianeth) February 24, 2025
“I was negligent when transferring authority before. This is ultimately my responsibility,” Christian wrote on X. “Liquidity is fine, and we will fully compensate affected users.”
He also revealed that law enforcement has been contacted, and the hacker’s computer has been identified.
Bybit Still Reeling After $1.46B Hack, Sees $6.7B Withdrawn
Meanwhile, the shockwaves from Bybit’s record-breaking hack last week are still being felt.
The $1.46 billion breach, allegedly linked to North Korea’s Lazarus Group, led to a massive panic-driven withdrawal wave—with over $6.7 billion pulled from the exchange in just a few days, according to Arkham Intelligence.
*Wakes up. Reads Bybit hack. Falls out of bed and starts frantic morning of moving funds and closing positions.
Terrible day.
If you haven’t played this game before: Everything is fine until it isn’t. They have the funds until they don’t. You can’t see their books. Don’t…
— Makickal (💙,🧡) (@Makickal) February 21, 2025
“I woke up, saw the Bybit hack, and immediately started moving my funds,” wrote a crypto trader on X. “This is war—but in 2025, the battlefield is digital wealth.”
Despite the huge outflows, Bybit has been praised for its transparency and crisis response—in stark contrast to FTX’s 2022 collapse.
Big difference in how you’re handling this compared to with what we’ve seen in history with FTX, Mt Gox, and the likes.
Reason why I put my money on Bybit.
Professional team, not trying to stand out, not create enemies, just doing business and the ability to withstand attacks…
— Astronomer (@astronomer_zero) February 22, 2025
“Big difference from FTX. No corporate silence, no vague PR statements—just straight accountability,” said DeFi investor 0xJeff. “This is a masterclass in crisis management.”
Can Crypto Defend Itself from These Attacks?
The back-to-back hacks of Bybit and Infini have reignited debates about security in both centralized and decentralized finance.
With hacker tactics evolving, calls for stronger DeFi security measures, multi-signature wallets, and better smart contract audits are growing.
Bybit’s $1.46B hack is wild, not just because it’s the biggest since Mt. Gox, but because of how it played out
– Ben and the Bybit team reacted extremely fast, engaging with partners and, most importantly, customers. Within 30 minutes of the hack going public, Ben was on X—not…
— 0xJeff (@Defi0xJeff) February 22, 2025
Industry experts say these attacks are a wake-up call—and unless platforms seriously upgrade their security, it’s only a matter of time before another billion-dollar breach rocks the crypto world.
For now, Infini is working on refunds, Bybit is stabilizing withdrawals, and investors are watching closely to see which exchange or protocol might be next.
