In this article: Infini cryptocurrency neobank was hacked by former engineers hired to create smart contracts;
co-founder took responsibility for failing to secure access;
Infini funds were exchanged for DAI and then #ETH , which was split into multiple addresses, similar to the recent Bybit hack.
hackers withdrew over $49 million #USDC from the Infini stable coin bank. The exploit may be related to insider access to #smart contracts, which the developer retained access to after transferring them to Infini.
administrator access to the smart contracts allowed the exploit to transfer over $49 million USDC from Infini's stablecoin protocol. Infini itself has not explained its response to the exploit or the nature of the hack; Infini is a #cryptocurrency card issuer and accepts collateral in stablecoins to make daily payments.
The funds were reportedly taken from Morpho's MEV Capital Usual USDC vault; the exploit was installed in revenue products. Morpho did not issue an alert or report the lost funds.
The exploit was discovered after a seemingly routine whale transaction, when a new wallet withdrew all the funds locked in the contract. The attacker's wallet is known to Infini, which reportedly commissioned the exploit to create the smart contract. The attacker was unaware of the project and had admin rights, which allowed him to make the call that drained all liquidity.
ALERT today @0xinfini suffered a $49M $USDC exploit because the attacker abused the admin rights he had. Affected
@ The exploiter's immediate action was to exchange money to purchase 17,696 ETH from USDC. The exploiter acted through DAI, which is accessed via a decentralized protocol. The funds were moved via Uniswap, Sky Protocol and 0x Protocol By exchanging USDC as quickly as possible, the hackers were able to move the funds into ETH; ETH is never frozen, only blacklisted by exchanges.
Read us at: Compass Investments