Infini Neo-Bank Hit by $50 Million Exploit Due to Privilege Escalation
Crypto security remains a top concern as vulnerabilities persist across digital platforms.
Overview
Infini, a prominent crypto neo-bank, recently suffered a major security breach resulting in a loss of approximately $49.5 million. The exploit, allegedly executed by a former developer, capitalized on retained administrative privileges to illicitly drain funds from the platform.
Incident Details
Blockchain analytics from Cyvers and an audit report by QuillAudits reveal that the attacker exploited a compromised private key to gain access to an account with elevated permissions. This breach allowed the hacker to initiate two transactions—one for roughly $11.45 million and another for about $38.06 million—targeting the Morpho MEVCapital USDC Vault.
Subsequently, the stolen USDC was swiftly exchanged for DAI and converted into around 17,696 ETH before being routed to another address, presumably in an effort to obscure the asset trail.
Expert Analysis
Smart contract auditing firm QuillAudits attributed the breach to compromised access and privilege escalation, emphasizing that administrative rights that are not fully revoked continue to pose significant risks. A senior blockchain scientist at Cyvers pointed out that maintaining excessive privileges after contract deployment can leave platforms vulnerable to prolonged undetected access, noting that the attacker maintained admin rights for over 100 days before executing the exploit.
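The kind of review that surfaces a retained admin right can be sketched as a replay of a contract's role-change history against an allowlist of intended holders. The following is an added example, not code from Infini, Cyvers or QuillAudits; it assumes the contract emits RoleGranted/RoleRevoked-style events, and the role name, accounts, dates and allowlist are constructed placeholders.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample log (not incident data): role events in an assumed
# RoleGranted/RoleRevoked shape, with placeholder accounts and dates.
EVENTS = [
    {"ts": "2024-01-01T10:00:00+00:00", "event": "RoleGranted", "role": "ADMIN", "account": "0xDEPLOYER"},
    {"ts": "2024-01-01T10:05:00+00:00", "event": "RoleGranted", "role": "ADMIN", "account": "0xMULTISIG"},
    {"ts": "2024-01-01T10:06:00+00:00", "event": "RoleGranted", "role": "ADMIN", "account": "0xDEV_TEMP"},
    {"ts": "2024-01-02T09:00:00+00:00", "event": "RoleRevoked", "role": "ADMIN", "account": "0xDEPLOYER"},
]
# Hypothetical allowlist: the only holders meant to keep the role long term.
APPROVED = {("ADMIN", "0xMULTISIG")}


def current_holders(events):
    """Replay grant/revoke events in time order; return {(role, account): granted_at}."""
    holders = {}
    for e in sorted(events, key=lambda e: datetime.fromisoformat(e["ts"])):
        key = (e["role"], e["account"].lower())
        if e["event"] == "RoleGranted":
            # Keep the earliest grant so the reported age is not reset by a re-grant.
            holders.setdefault(key, datetime.fromisoformat(e["ts"]))
        elif e["event"] == "RoleRevoked":
            holders.pop(key, None)
    return holders


def stale_privileges(events, approved, now, max_age=timedelta(days=7)):
    """Flag current role holders outside the allowlist whose grant is older than max_age."""
    approved = {(role, account.lower()) for role, account in approved}
    findings = []
    for (role, account), granted in current_holders(events).items():
        age = now - granted
        if (role, account) not in approved and age > max_age:
            findings.append({"role": role, "account": account, "days_held": age.days})
    return sorted(findings, key=lambda f: -f["days_held"])


if __name__ == "__main__":
    now = datetime(2024, 4, 25, tzinfo=timezone.utc)  # constructed review date
    for f in stale_privileges(EVENTS, APPROVED, now):
        print(f"UNAPPROVED {f['role']} held by {f['account']} for {f['days_held']} days")
```

Run on a schedule against a real event export, a check like this turns a forgotten grant into an alert within days rather than months.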
Official Response and Remediation
In response to the breach, Infini’s founder Christian Li addressed the incident on social media, acknowledging that earlier lapses in transferring administrative authority had contributed to the vulnerability. Li assured users that the platform’s liquidity remains stable and confirmed that full compensation would be provided if needed. In an unusual move, he also extended an offer to the hacker, proposing to return 20% of the stolen amount if the funds are recovered—an effort to restore trust and encourage the return of the misappropriated assets.
Despite the significant loss, Infini maintained normal operations, with all transfers, deposits, and withdrawals continuing as usual while the investigation was underway.
Industry Implications
The Infini breach underscores a recurring theme in the crypto space: the critical need for robust access control and regular security audits. Experts warn that until crypto projects make stringent security protocols a core priority, similar exploits may continue to plague the industry.
This incident follows a recent high-profile hack at Bybit, where losses amounted to $1.4 billion in Ethereum and related tokens, highlighting a broader challenge in protecting digital assets amid evolving cyber threats.

Conclusion
The $49.5 million exploit at Infini serves as a stark reminder for crypto platforms to reassess and fortify their security measures—especially concerning retained administrative privileges. As the digital asset industry continues to grow, establishing strict access controls and proactive monitoring will be essential to safeguarding investor funds and maintaining market confidence.