Somewhat influential

On February 24, 2025, the cryptocurrency community was once again shaken by a piece of heavy news: Hong Kong stablecoin bank Infini was hacked and lost up to $49.5 million in USDC (US dollar stablecoin). This incident not only caused the Infini platform to fall into a crisis of trust, but also once again sounded the alarm for the entire industry on security issues. Especially in the context of the Bybit exchange just being stolen $1.4 billion, this wave of "hacker season" seems to be particularly fierce.
The incident: From theft to money laundering
According to preliminary analysis by blockchain security companies CertiK and Cyvers, the attack took place at 3:18 am (UTC) on February 24. The hacker exploited a permission vulnerability in the Infini smart contract and successfully transferred 49.5 million USDC. The funds were then quickly converted into 495,000 DAI (another stablecoin), and 17,696 ETH were purchased at an average price of about $2,798, and eventually transferred to a new wallet (address "0xfcc8...6e49"). The whole process was neat and tidy, showing the hacker's superb skills and premeditation. According to the on-chain data tracking platform Lookonchain, the hacker prepared a small amount of ETH as gas fees for the attack wallet through Tornado Cash (mixing service) more than 100 days ago, which shows how well-planned it was.