At around 10:24 on February 24, 2025 (UTC+8), Infini detected unusual fund movement. A hacker stole funds through an attack and transferred them to the address 0x3ac96134fb0e42a52d33045aee50b89790f05ed0. Subsequently, the attacker swiftly converted assets worth approximately 49.5 million US dollars into DAI, ETH, and further transferred the exchanged ETH to the address 0xfcc8ad911976d752890f2140d9f4edd2c64a6e49.

Following the event, the Infini team took immediate emergency response measures, including:

1. Conducting a thorough investigation to trace fund flows and collaborating with security agencies and relevant partners.

2. Proactively contacting affected clients, providing truthful information on the situation, and ensuring client interests are safeguarded.

3. Urgently reallocating funds to ensure all client withdrawal requests can be processed normally.

As of 18:00 on February 26, 2025 (UTC+8), the stolen funds still reside in the aforementioned address with no further signs of transfer. The Infini platform is operating normally, and all client withdrawal requests have been fulfilled. The security team is continuously tracking fund movement and collaborating with various parties to make every effort to recover the losses.

Infini Event Timeline

Due to Infini's robust internal fund monitoring system, the team responded rapidly to the event, minimizing losses and impacts:

Within 30 Minutes of the Incident

· The Infini internal team promptly detected unusual fund movement, swiftly locked the suspicious account, and tracked the attack path based on on-chain data.

Within 1 Hour of the Incident

· Project founder Christian and co-founder Christine publicly committed to full reimbursement on major social media and user communities, ensuring the security of user assets.

· The team rapidly allocated 5 million US dollars of its own funds to inject into the Cobo wallet to ensure timely responses to all user withdrawal demands.

· Blockchain security company SlowMist intervened in the investigation and confirmed that the attacker has a high level of technical expertise, providing initial insights into the attack method.

Incident 2 Hours

· Founder Christian publicly stated that this incident was not due to a personal key leak, but rather due to negligence in the delegation process, reiterating the commitment to full reimbursement.

Incident 6 Hours

· On-chain security analyst ZachXBT posted on X platform pointing out that the stolen funds were not entirely cashed out within 40 minutes, while also questioning USDC issuer Circle for not intervening promptly.

· Cyvers Alerts monitoring showed that the hacker exploited a historical permission management vulnerability, secretly retaining contract administrative rights and launching the attack.

Incident 12 Hours

· Infini's official team made a public proposal to the hacker, offering a 20% bounty as a reward in exchange for the return of the stolen funds.

Incident 24 Hours

· Over 98% of affected users have been contacted, and all user withdrawal requests have been addressed.

Incident 48 Hours

· The Infini team continues to enhance security measures by transferring core funds to the most secure Cobo wallet, ensuring that all operations such as payments, transfers, and withdrawals are running smoothly.

· Emergency response within the office continues, with team members analyzing on-chain data overnight, closely collaborating with security companies and law enforcement agencies to ensure the smooth progress of the investigation.

· Currently, Infini is actively assisting law enforcement and collaborating with blockchain security company SlowMist to conduct a judicial investigation and on-chain fund tracing, with significant progress already made. Infini will provide a comprehensive report and event explanation to the community once the investigation is complete.

Infini Project Latest Developments and Future Plans

Of note, despite the attack incident, Infini's core product features remain operational as usual, and development and operations work remain unaffected:

· The release of the physical card supporting Apple Pay is still proceeding as planned.

· Daily Yield Mechanism is expected to be optimized within the next 3-4 weeks to ensure the highest level of security for the Yield portion.

· On-chain data shows that despite some TVL fluctuation post-event, the growth trend of new deposit addresses (new users) remains stable, indicating continued market confidence in Infini.

· The community's support for Infini is strong, with minimal negative voices on social media, and community members widely acknowledging the team's response measures and solutions.

Special Thanks

During this event, Infini has received extensive support and goodwill from both within and outside the industry. ABCDE's co-founder, Du Jun, has expressed willingness to provide
supporting Infini's platform operations with a funding range from $5 million to $10 million. Additionally, several industry KOLs have publicly voiced their support for Infini, praising its transparency and crisis response capabilities.

Infini sincerely appreciates this support, especially the understanding and backing from the community, users, and industry partners. The team is committed to continue working tirelessly to ensure the platform's security and stability, and to provide users with enhanced financial services.

Welcome to join the official BlockBeats community:

Telegram Subscription Group: https://t.me/theblockbeats

Telegram Discussion Group: https://t.me/BlockBeats_App

Official Twitter Account: https://twitter.com/BlockBeatsAsia