The hacker behind the $50 million exploit of the Hong Kong-based stablecoin platform Infini has initiated efforts to launder stolen assets through the sanctioned mixer Tornado Cash. In a tactical move, the attacker also allocated a portion of the stolen funds to purchase Ethereum ($ETH) during a market dip.
On-chain analysis indicates that the perpetrator, a former contractor with Infini, exploited administrative privileges to drain approximately $49.52 million in USD Coin ($USDC). This illicit operation involved converting the stolen funds into 17,696 $ETH, which were subsequently transferred to a secondary address to obscure their origin.
The breach, which transpired in February 2025, was not a conventional external hack but rather an insider job stemming from inadequate access management. Security firm Lookonchain reported that the attacker, who had previously been employed by Infini, retained administrative rights that allowed them to manipulate contract settings and siphon off funds without the need for a private key breach.
Prior to the exploit, the hacker had created a malicious contract in November 2024, waiting for over three months until the protocol”s vault accumulated sufficient assets. Following the theft, the stolen USD Coin was promptly exchanged for Dai ($DAI), a stablecoin characterized by its decentralized nature, which complicates efforts by authorities to freeze or recover illicit funds.
Despite ongoing investigations, the hacker has actively utilized Tornado Cash to sever the on-chain connection between the original and destination addresses of the stolen assets. This action occurs amidst stringent international sanctions levied against the mixer, which is frequently associated with North Korean-linked groups and notorious DeFi hackers seeking to launder their proceeds.
Infini”s founder, Christian Li, has reassured the community that the platform remains solvent and is committed to fully compensating affected users. This incident echoes previous security breaches in the cryptocurrency sector, reminiscent of the Curve Finance bridge exploit, where vulnerabilities led to significant financial losses and swift governance responses.
For continuous updates and insights, readers are encouraged to bookmark DeFi Planet and follow their social media channels for the latest developments in the cryptocurrency landscape.
