Infini, a crypto fintech company, has suffered a significant loss of $49 million in USDC following a security breach. The attack was especially shocking because it was carried out by one of the company’s own developers. According to blockchain security firm Cyvers, the developer had maintained secret admin access to the project even after completing their work, which allowed them to carry out the hack. For over 100 days, there were no signs of suspicious activity, but the breach occurred when the hacker funded their wallet using Tornado Cash, a crypto mixer commonly linked with illicit activities.
The hacker initially sent a small ETH transaction to cover gas fees before executing the attack.
This allowed them to drain the entire contract, taking the $49 million in USDC. This breach raises serious concerns about the security of smart contracts and the trustworthiness of developers who are given such significant access to systems. The Infini incident follows closely behind the Bybit hack, where attackers drained over $1.5 billion from the exchange’s wallets, further exacerbating concerns in the crypto industry.
The hack of Infini has left many questioning the security measures surrounding developers’ access to critical systems and the overall trust placed in them. While blockchain technology is praised for its transparency and security, the involvement of an insider highlights the vulnerabilities within the ecosystem. It underscores the importance of implementing stronger security protocols to monitor internal access and ensure that even trusted personnel do not have unmonitored access to sensitive assets.
With the combination of the Infini hack and the Bybit incident happening in such close succession, the crypto community is facing a growing sense of insecurity. These high-profile breaches are making users and investors more aware of the need for robust security systems and greater oversight. As the industry continues to grow, it is clear that more stringent measures and greater accountability will be necessary to prevent further attacks and protect the assets of crypto users.
Reference:
