Around 10:24 on February 24, 2025 Beijing time, Infini detected abnormal fund flow. A Hacker stole the funds by attacking and transferred them to Address 0x3ac96134fb0e42a52d33045aee50b89790f05ed0. Subsequently, the attacker quickly converted assets worth approximately 49.5 million US dollars into DAI, ETH, and further transferred the exchanged ETH to Address 0xfcc8ad911976d752890f2140d9f4edd2c64a6e49.

After the incident, the Infini team took emergency response measures for the first time, including:

1. Conduct a thorough investigation, track the flow of funds, and collaborate with security agencies and relevant partners.

2. Proactively contact affected customers and truthfully inform them of the situation, ensuring that their rights are not affected.

3. Emergency Allocation of Funds to ensure that all customer withdrawal needs can be processed normally.

As of 18:00 on February 26, 2025 Beijing time, the stolen funds are still held at the above Address, and there is no further sign of transfer. The Infini platform is operating normally, and all customer withdrawal requests have been fully met. The security team is continuously tracking the flow of funds, cooperating with all parties, and making every effort to recover the losses.

Infini Event Timeline

Thanks to Infini's in-house money monitoring system, the team responded quickly after an incident to minimize losses and impacts:

30 minutes after the incident

· Infini's internal team immediately detected the abnormal fund flow, quickly locked the suspicious account, and traced the attack path based on on-chain data.

1 hour after the incident

· Project founder Christian and co-founder Christine have pledged full reimbursement on major social media and user communities to ensure the security of user assets.

· The team quickly allocated 5 million US dollars of its own funds to inject into the Cobo wallet to ensure timely response to all user withdrawal requests.

· SlowMist, a blockchain security company, intervened in the investigation and confirmed that the attacker had a high level of technology, and preliminarily determined the attack method.

2 hours after the incident

· The founder, Christian, publicly stated that the incident was not due to the leakage of his private key, but an oversight in the process of transferring permissions, and re-emphasized the promise of full compensation.

Incident 6 hours

· On-chain security analyst ZachXBT pointed out in a post on X platform that the stolen funds were not completely cashed out within 40 minutes, and questioned the USDC issuer Circle for not intervening in a timely manner.

· Cyvers Alerts monitoring revealed that Hacker exploited a historical privilege management vulnerability to secretly retain contract administrator privileges and launch an attack.

12 hours after the incident

· Infini officially made a public proposal to the Hacker, willing to provide 20% bounty in return for the return of the stolen funds.

24 hours after the incident

· Over 98% of the affected users have completed communication, and withdrawal requests from all users have been responded to.

48 Hours After the Incident

· The Infini team continues to optimize security measures, transferring core funds to the most secure Cobo wallet to ensure normal operation of payments, transfers, withdrawals, and other businesses.

· The office's internal emergency response continued, with team members working overnight to analyze on-chain data and work closely with security firms and the judiciary to ensure the investigation went smoothly.

· Currently, Infini is actively assisting the police and collaborating with the blockchain security company SlowMist to carry out judicial investigations and on-chain fund tracing work, with significant progress already made. Infini will provide the community with a complete report and explanation of the incident after the investigation is completed.

The latest progress and future plans of the Infini project

It is worth noting that, despite the attack, the core product functions of Infini remain operational, and the research and development and operation work are unaffected:

· The release of physical cards with Apple Pay support continues as planned.

· Daily Yield Mechanism is expected to be optimized within the next 3-4 weeks to ensure the highest level of security for the Yield part.

On-chain data shows that despite some fluctuation in TVL after the event, the growth trend of new deposit Address (new users) is stable, and the market still has confidence in Infini.

· Community support for Infini is high, negative voices on social media are low, and community members generally approve of the team's response and approach.

Special thanks

In this case, Infini has received widespread support and goodwill from both inside and outside the industry. Du Jun, the co-founder of ABCDE, expressed his willingness to provide financial support of $5 million to $10 million to help the sound operation of the Infini platform. In addition, a number of industry KOLs have publicly supported Infini, praising its transparency and ability to respond to crises.

Infini expresses sincere thanks for the support, especially the understanding and support from the community, users, and industry partners. The team promises to continue to work hard to ensure the security and stability of the platform and to provide users with better financial services.

：