When we talk about Web3 applications, 'PayFi' has become one of the most closely watched emerging directions in the financial track over the past two years.
This term is derived from the fusion of 'Payment' and 'DeFi', aimed at bridging the card payment experience of traditional finance with on-chain stablecoin yield accounts, constructing a model for using crypto assets that combines liquidity and yield. Driven by the narrative of 'being able to spend', PayFi projects are attempting to reshape the flow paths and retention logic of assets in a way that is closer to traditional financial users.
From EarlyBird and Swipe to Infini, which lawyer Mankun has recently focused on, such projects generally adopt a 'stablecoin account + consumption card + on-chain yield' integrated structure, supplemented by recommendation rebates and other growth mechanisms, attempting to provide users with a financial interaction solution that 'does not require understanding DeFi but can use crypto assets'.
On the implementation path, such a structure combines technical innovation with compliance controversy, because the closer it is to the essence of traditional financial business, the more complex the regulatory challenges it faces.
So, taking Infini as an example, how is its product structure and business logic constructed? What compliance elements has it attempted, and what potential risk exposures may exist?
*This article conducts compliance analysis of related business models and policy environments based on public information. The content is for research and communication purposes only and does not constitute any investment advice or business promotion.
Infini Core Product Overview
Infini is a Web3 payment financial platform aimed at the global market, with its core positioning to bridge the 'store, earn, spend' paths of users' crypto assets. By integrating stablecoin custody, yield strategy access, and physical consumption channels, it provides users with a way to utilize assets that have on-chain yield attributes without leaving the mainstream payment system.
From an operational structure perspective, Infini itself does not hold on-chain yield protocols or issuing clearing qualifications, but acts as a connecting intermediary, constructing a light operation platform structure through cooperation with third-party custodial service providers, DeFi protocols, and payment networks. This cooperative model that bridges on-chain and off-chain capabilities also represents a relatively common compliance lightweight exploration path in the current PayFi track.
Around this framework, Infini has designed three core functional modules at the front-end service layer, corresponding to asset custody and yield generation, consumption payment execution, and user growth mechanisms. The three are interwoven, forming key support for the platform to achieve a closed loop of product value.
1. Infini Earn
Users can bind their wallets to deposit USDT or USDC into the platform's custodial account, and the system will uniformly use the funds to participate in the yield strategies planned by the platform. Yields are distributed daily, calculated daily, and users can withdraw their principal and realized yields at any time.
The platform has not disclosed detailed strategy parameters but mentions that cooperation partners include Ethena, Morpho, and Usual in the documentation. The yield strategy is touted as a 'delta-neutral structure', achieved through a hedged position combination to realize low volatility yields. The platform itself does not guarantee the strategy results, serving only as a yield channel integrator.
2. Infini Card
Infini provides virtual cards (which can be bound to Apple Pay, Google Pay, Alipay (overseas Alipay), and WeChat Pay) and plans to launch physical card products. The card types are divided into Meow, Rabbit, and Woof, corresponding to different fees and usage frequency scenarios.
All cards are linked to the user's account balance within the platform, and when making payments, the system will automatically complete the exchange between stablecoins and the target settlement currency without user manual operation. Actual settlement is completed through partners, and the official documents do not explicitly disclose the issuing bank or licensed payment clearing institution information.
3. Recommendation and Red Packet Function
Infini has an invitation rebate mechanism and red packet distribution function. Users can invite others to register and recharge by sharing their invitation code to receive USDT or Card cashback rewards, with specific amounts and conditions depending on the card type and recharge amount.
Analysis of Infini's Business Model
As a typical 'bilateral matching' light asset business model, Infini does not simply provide a consumption entry for crypto assets but positions itself as an intermediary connecting on-chain DeFi protocols and ordinary users. On one hand, it provides C-end users with a 'payment + yield' stablecoin application experience through card products and yield accounts; on the other hand, it serves as a channel for bringing in funds and traffic, providing user and capital access capabilities for B-end partners such as DeFi protocols and yield strategy parties.
The core business value of the platform lies not only in abstracting and packaging the on-chain and off-chain processes of 'yield generation' and 'payment usage', but also in achieving revenue monetization in both directions through this intermediary position: charging channel-based service fees to C-end and potentially participating in revenue sharing or obtaining promotional incentives from B-end in forms such as strategy traffic diversion and capital deposits.
1. Sources of Income
Infini's current main sources of income come from two directions:
Service fees paid by end-users
These include card activation fees (Meow and Rabbit cards at $9.9 each); card transaction fees (a 0.8% service fee, with each non-USD transaction on the Rabbit card incurring an additional $0.5); and exchange rate conversion fees (1% to 1.5% on non-USD consumption), with the conversion between on-chain assets and settlement currencies handled automatically by the platform.
This portion of fees provides the stable cash flow needed for the platform's operation.
Incentive collaboration of B-end cooperation partners' strategies
The platform has not explicitly disclosed the profit-sharing structure with protocols such as Ethena, Morpho, and Usual, but considering the platform's ability to bring user asset settlement, stable cash flow, and liquidity injection, Infini may have the opportunity to obtain rewards from the protocol side, such as strategy access incentives, TVL growth subsidies, etc.
Additionally, it cannot be ruled out that the platform may in the future guide users to open positions or stake on specific DeFi platforms, potentially obtaining intermediary promotional fees.
Overall, Infini, without constructing underlying protocols or holding issuing clearing qualifications, has built a relatively lightweight yet scalable platform business model through standardized C-end service and cooperative B-end resources.
2. Structural Dependence
Infini's business structure highly relies on the compliance and technical capabilities of external service providers, specifically including:
Custodial services. The platform utilizes an account management solution provided by the licensed third-party custodian Cobo; user assets are not held directly by Infini, and the platform itself does not constitute the asset custodian.
Yield strategy execution. Infini does not self-operate any on-chain yield protocols; its yield plans are provided by external protocols, and the platform merely serves as an integrative and transfer front-end interface. If a significant event occurs with the underlying protocol, Infini itself may lack risk buffering mechanisms.
Payment settlement channels. Although Infini provides binding with multiple traditional payment channels, the related clearing services are still completed by cooperating third-party payment institutions, and the platform does not bear direct settlement obligations. Currently, the platform has not publicly disclosed the name of its issuing bank or specific licensed clearing service provider information, only stating that card products operate on the Visa or Mastercard network, with related clearing capabilities and service geographic range potentially uncertain.
This 'highly connected, low licensing' light operation structure, while helping to deploy quickly and control costs, also amplifies dependency on key cooperation nodes. If a core link (such as custody, payment, or protocol end) faces legal, compliance, or operational interruption risks, the platform itself will face significant service continuity and user trust risks.
3. User Yield Mechanism
In the Infini Earn module, users can participate in the on-chain yield plan integrated by the platform by depositing USDT or USDC into the platform's custodial account. The platform adopts a daily interest calculation and daily yield distribution method, creating a low-threshold, no-manual-operation stablecoin yield experience.
According to official documentation, its yield strategy is primarily a 'delta-neutral' structure, achieved by building market-neutral positions through on-chain long and short combinations across different protocols to realize lower volatility annual yields. However, this structure is highly dependent on the safety, liquidity, and strategy execution efficiency of the integrated DeFi protocols (such as Ethena, Morpho, Usual, etc.), and if significant events occur in the underlying protocols, such as liquidation failures, governance attacks, or other operational risks, related losses may be directly transmitted to users' custodial assets.
In terms of contractual liability arrangements, Infini has not made any explicit or implied guarantees regarding user yield results or principal safety; its platform positioning is closer to 'strategy aggregation and channel service provider', responsible for users' funds strategy integration and yield settlement. Although user assets are protected by custody, investment decisions and yield results are borne by users themselves.
This structural design achieves the functional separation of platform revenue rights and responsibilities, allowing Infini to maintain relatively low pressure on overall financial risk bearing. However, it also means that more compliance obligations, investment information disclosure responsibilities, and protocol security assessments are substantially transferred to end users and strategy partners.
Infini Compliance and Risk
As a typical light operation platform in PayFi, Infini's product function design shows its adaptation considerations to the existing financial regulatory framework, especially in aspects like KYC systems, asset custody isolation, and off-chain payment channels, reflecting a certain level of compliance awareness.
Implement real-name KYC system
Infini has strict geographical restrictions at the service entry level. Users are required to complete identity verification when registering, and for certain regions including mainland China, the system will directly block registration during the mobile phone verification stage. The official documents also clearly list unsupported jurisdictions, including countries under international sanctions, such as North Korea, Iran, Cuba, and regulatory-sensitive areas like the United States and mainland China. This 'technical restriction + legal declaration' approach showcases the platform's compliance awareness in KYC, geographical risk isolation, and cross-border regulatory adaptation, while providing identity data support for subsequent card clearing and custody cooperation.
Asset custody and business function isolation
Infini itself does not directly hold user funds but achieves account management of user assets through the licensed third-party custodian Cobo. The platform is only responsible for strategy integration and card service frontend, implementing a structure where 'assets are held by compliant institutions, and the platform does not directly constitute a capital pool', which helps reduce the platform's regulatory sensitivity concerning risks such as fund pooling and illegal fundraising. However, Cobo's custody qualification is limited to specific jurisdictions (such as Singapore), and the legal validity of asset custody may be questionable if users come from uncovered areas (such as the EU).
Card payment paths connect to traditional networks
Infini card products operate on the Visa or Mastercard network and can connect to mainstream consumption channels such as Apple Pay, Google Pay, Alipay, and WeChat. Although the specific issuing institution is not disclosed, compared to platforms that completely rely on on-chain payments or gray settlement channels, Infini completes payment processes through traditional financial networks, which have stronger user acceptance and expected legitimacy of payment behavior.
However, considering the cross-border nature of its service area and the types of assets involved, lawyer Mankun believes that there may also be potential legal uncertainties in several key elements that need the platform's attention and should be noted by PayFi entrepreneurs and compliance teams.
Insufficient information disclosure in payment settlement
Although Infini has clarified that card products connect to the Visa/Mastercard network, it has not so far publicly disclosed the names of its issuing banks or partnering clearing service providers. If the service scope extends to users in other jurisdictions, the lack of clear cross-border clearing permissions may trigger risks such as insufficient payment service qualifications and unclear compliance with cross-border data transmission rules, especially in Asian markets where regulation is tightening.
Limited transparency in yield strategy, risks outsourced to users
Although the platform claims to adopt a 'delta-neutral' strategy and specifies partners as DeFi protocols such as Ethena, Morpho, Usual, it does not disclose specific yield allocation ratios, fund directions, or stop-loss mechanisms. Under the premise that the platform does not guarantee, users essentially need to bear the risk of strategy execution and protocol contract risks themselves, which may lead to misjudgment of actual risk exposure under the allure of high annualized returns, involving potential 'disclosure obligations for yield inducement'.
The invitation rebate mechanism may cross regulatory red lines in specific jurisdictions
Infini has a rebate and red packet system based on registration and recharge. Although the reward logic is relatively flat, failing to form a clear hierarchical commission structure, in some jurisdictions, if rebate behaviors are linked to recharge, creating capital guiding paths, they may still be deemed as 'incentive-driven sales' or 'quasi-pyramid structures', constituting sensitive behaviors in financial promotion that need to be cautiously judged and restricted according to different national laws.
Permission management and risk response mechanisms still need to be improved
In March 2025, Infini experienced a major asset security incident, where hackers transferred approximately $50 million USDC from the platform's custodial account through unremoved administrator privileges. Although the platform subsequently issued an on-chain announcement and filed a civil lawsuit in Hong Kong, the incident exposed the platform's technical weaknesses in permission configuration, system isolation, and abnormal transaction monitoring.
Such 'permission control failure attacks' indicate that, although the platform adopts a third-party custodial solution, access to and management permissions over the custodial accounts still depend heavily on the platform's own internal security structure and development processes. If the platform does not set up multi-signature permissions and automatic risk-control freezing mechanisms, a single point of failure may pose systemic risks to user assets. Furthermore, the platform currently has not established an emergency compensation mechanism or insurance pool, reflecting that its risk control and user protection systems are still incomplete, which may trigger future regulatory redefinitions of substantial responsibility attribution for custodial systems.
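The controls named above (removing leftover administrator privileges, multi-signature approval, and automatic freezing) can be sketched as follows. This is an added example, not Infini's or Cobo's code; the event format, role names, account labels, threshold and cap are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data: role-change events in a hypothetical export format.
EVENTS = [
    {"block": 100, "action": "grant",  "role": "ADMIN",    "account": "0xdeployer"},
    {"block": 100, "action": "grant",  "role": "ADMIN",    "account": "0xmultisig"},
    {"block": 120, "action": "grant",  "role": "OPERATOR", "account": "0xops"},
    {"block": 150, "action": "grant",  "role": "ADMIN",    "account": "0xdev-temp"},
    {"block": 180, "action": "revoke", "role": "ADMIN",    "account": "0xdeployer"},
]
# Constructed allow-list: who is supposed to hold each role in production.
APPROVED = {"ADMIN": {"0xmultisig"}, "OPERATOR": {"0xops"}}


def current_holders(events):
    """Replay grant/revoke events in block order to get who holds each role now."""
    holders = defaultdict(set)
    for ev in sorted(events, key=lambda e: e["block"]):
        if ev["action"] == "grant":
            holders[ev["role"]].add(ev["account"])
        elif ev["action"] == "revoke":
            holders[ev["role"]].discard(ev["account"])
    return holders


def stale_privileges(events, approved):
    """Return (role, account) pairs that hold a role but are not on the allow-list."""
    holders = current_holders(events)
    return sorted((role, acct) for role, accts in holders.items()
                  for acct in accts - approved.get(role, set()))


class WithdrawalGuard:
    """Require `threshold` distinct known signers; freeze when the outflow cap is hit."""

    def __init__(self, signers, threshold, window_cap):
        self.signers = set(signers)
        self.threshold = threshold
        self.window_cap = window_cap  # max total outflow per review window
        self.outflow = 0
        self.frozen = False

    def authorize(self, amount, approvals):
        if self.frozen:
            return "rejected: frozen"
        valid = set(approvals) & self.signers  # drop unknown and duplicate approvers
        if len(valid) < self.threshold:
            return "rejected: insufficient approvals"
        if self.outflow + amount > self.window_cap:
            self.frozen = True  # stays frozen until a human review resets it
            return "rejected: cap exceeded, frozen"
        self.outflow += amount
        return "approved"


if __name__ == "__main__":
    print(stale_privileges(EVENTS, APPROVED))
    guard = WithdrawalGuard({"s1", "s2", "s3"}, threshold=2, window_cap=1000)
    print(guard.authorize(400, ["s1", "s2"]))
    print(guard.authorize(700, ["s1", "s2"]))
```

Running the reconciliation on every deployment and on a schedule is what turns a forgotten grant into an alert rather than a standing risk.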
Insights and Recommendations
The Infini case demonstrates the enormous market potential of the PayFi model under the narrative of 'being able to spend', while also exposing multiple challenges faced by such light operation platforms regarding regulatory boundaries, technical security, and responsibility allocation.
For entrepreneurs exploring the 'account + yield + payment' path in the Web3 field, lawyer Mankun recommends focusing on the following five directions when designing business structures and implementation plans:
Platform structure does not equate to liability exemption: light platform ≠ light obligations
Even if the platform does not directly hold assets, does not self-build DeFi protocols, and does not clear fund flows, it still needs to bear information disclosure and risk control responsibilities at critical compliance nodes. Infini's security incident indicates that, even when custody is with a third party, if permission settings are improper, the platform still needs to fulfill the obligations of a 'substantive controller'.
Therefore, entrepreneurs adopting an 'integrated platform' model should clearly disclose in documentation, user agreements, and product designs that the platform does not guarantee or provide assurances, while also establishing a minimum permission system, operational audit chain, and emergency response mechanisms.
Multilateral compliance interfaces need to be considered integratively: cannot only look at licensing
The PayFi model simultaneously involves stablecoin management, yield generation, consumption settlement, KYC identification, data transmission, and cross-border services among multiple compliance modules. Under the trend of increasingly intersecting and integrated regulation, relying solely on a single licensed component (such as custody or clearing) can no longer meet the regulatory expectations across multiple jurisdictions.
Practitioners should take 'compliance design' as the starting point of architectural design, performing multi-dimensional regulatory sorting before selecting service areas (such as Hong Kong, Singapore, UAE, etc.) to avoid mismatches in responsibility where 'business is in one location, risk is in multiple locations'.
Rebates and marketing mechanisms must be evaluated in advance for cross-border compliance
The recommendation rebate mechanism has become a high-frequency tool in the growth of Web3 projects, but when rebate conditions are directly linked to capital recharge, card activation, and other links, some jurisdictions may deem it as a 'quasi-fundraising behavior' or 'incentive-driven sales', constituting unauthorized financial promotion activities and even touching the legal boundaries of multi-level marketing.
When designing related mechanisms, the platform should adapt locally based on compliance requirements of the target market. It is recommended to control incentive proportions and triggering conditions institutionally, striving to avoid cashback or direct stablecoin returns. If necessary, incentives can be converted into points, discounts, non-cash rights, etc., and prominent risk warnings and compliance preconditions (such as KYC completion, regional screening, etc.) should be added to the user interface to address potential legal issues.
The boundaries of responsibility for cross-chain and on-chain processes need to be clarified in advance
PayFi projects often span on-chain DeFi and off-chain card payments, involving logical interactions and responsibility transmissions between multiple systems and protocols. If any link fails, such as contract liquidation or card channel freezing, unclear liability attribution may lead to legal disputes and user trust risks.
Therefore, practitioners should reserve mechanisms for anomaly detection and strategy switching when designing contracts/API calling processes. For example, in the case of abnormal fluctuations in assets, operations can be automatically paused or switched to alternative strategy plans. At the same time, the boundaries of on-chain and off-chain operational responsibilities should be clearly delineated in user agreements.
Licensing may not be the end, but the starting point
With regions like Hong Kong, Dubai, and Singapore gradually introducing VASP systems and innovative financial frameworks, some entrepreneurs mistakenly view 'applying for a license' as the end of compliance. In reality, a license is only the first step into the regulatory spotlight; subsequent obligations such as business change declarations, daily compliance operations, anti-money laundering audits, and user information retention are the real challenges.
If the platform plans to enter highly compliant market operations, it should establish a 'compliance operation sandbox' before obtaining a license to simulate common regulatory inquiry scenarios (such as user identity tracing, asset source auditing, black market penetration investigations, etc.) and establish risk response capabilities in advance.