InfoSecBulletin Cybersecurity for mankind
Days after the biggest crypto hack ever, another platform has experienced a major exploit. Infini Earn, a decentralized stablecoin bank, lost $49.5 million in USDC, making it one of the year’s biggest security breaches in DeFi.
Reportedly a compromised private key led to an attack that stole 11.4 million and 38 million USDC in two separate transactions.
India’s Tata Electronics hit by cyber breach: Hacker target 630 GB record
Anthropic’s Mythos reportedly broke NSA classified systems in hours
OpenAI New Method “Deployment Simulation” Predicts AI Risks Before Deployment
AryStinger botnet infected thousands of D-Link routers globally
Hacker suspected of sending alerts across Brazil
CyberSentinel AI features 33 security tools like Nmap, SQLMap, and ZAP, utilizing Claude and GPT
Barracuda hosts Dhaka roundtable on cyber resilience
CISA Alerts Fortinet Users as FortiBleed Affects 86,644 FortiGate Devices
CISA: Splunk flaw under active exploit, patch by Sunday
Texas data breach exposes 3 million driver’s licenses
The attacker quickly exchanged the stolen USDC for DAI and then purchased 17,696 ETH. They transferred the funds to a new wallet labeled “0xfcc8…6e49.”
Blockchain analysis indicates that the perpetrator might be someone connected to the initial contract development for Infini.
Reports indicate that the attacker kept admin access to the contract after finishing their work. Over 100 days later, they used Tornado Cash, a crypto mixing service, to hide their identity before carrying out the exploit.
Morpho MEVCapital’s USDC vault was breached, draining funds in two transactions. The hack is thought to have occurred due to unauthorized access to the platform’s private key.
After the attack, Infini Earn’s founder, Christian Li, spoke about the incident on X.
Li accepted responsibility for the security lapse due to improper contract authority transfer, which allowed the exploit to occur.
“There is no problem with liquidity. Full compensation can be paid, and the funds are being traced. I know rebuilding trust will be a difficult process, but we won’t give up,” Li stated.
Li assured users that withdrawals are still available, but financial management operations have been suspended to minimize risks.
He stated that 70% of the stolen funds were from institutional investors and promised to cover the losses personally and resolve the matter privately.
Li announced plans to reinvest the remaining funds into Infini Vault by Monday to restore normal operations.
