Bybit isn’t alone in the hot pot right now, as in the latest crypto hack, $50 million is gone from Infini, a Hong Kong-based stablecoin neobank
Security analysts from Cyvers and Blocksec confirmed that Infini was the newest unlucky victim of a major crypto heist, losing about $49 million in USDC.
Code is law, and this time, the code was flawed
An attacker managed to get their hands on some pretty powerful administrative privileges for a smart contract.
They used these privileges to drain the funds from the contract and send them to an address linked to Tornado Cash, a privacy tool often used by bad actors too, to keep crypto transactions under wraps.
The thief then swapped the stolen USDC for ether, making it harder to track.
Inside job?
The interesting part? The contract was allegedly created by the attacker themselves as part of the Infini project, so it’s like they had the keys to the vault all along.
The security firms noted that the exploit didn’t seem to involve a leaked private key, but rather unauthorized access to the contract settings.
Infini’s founder, Christian, assured that there’s no liquidity issue and quickly promised to compensate affected users.
Security practices
This isn’t the first big crypto exploit recently, because just a few days ago, Bybit lost $1.4 billion.
It’s a wild time in the crypto world, and it seems like no one is safe from these sneaky attacks.
So, the next time you hear about crypto security, remember, even the most secure systems can have a weak link somewhere, and in this case, that weak link cost Infini a pretty penny.
In the world of crypto, it’s not just about the tech, but it’s also about who you trust with the keys. Infini’s case is a stark reminder that even with the best intentions, a single misstep can lead to massive losses.
Have you read it yet? Bitcoin will defend South African firm Altvest Capital aginst inflation
Disclosure:This article does not contain investment advice or recommendations. Every investment and trading move involves risk, and readers should conduct their own research when making a decision.
Kriptoworld.com accepts no liability for any errors in the articles or for any financial loss resulting from incorrect information.
