Original | Odaily (@OdailyChina)

Author | Wenser (@wenser 2010)

Previously, Bybit was hacked for over $150 million in assets, and later the "Web3 Wealth Management" Infini suffered a loss of nearly $50 million in project funds due to private key management issues. According to official personnel, this attack was carried out by an internal engineer, and the official will fully compensate for the relevant losses, and the platform's withdrawal is operating normally.

Previously, Infini had gained high market attention through KOL and crypto community cooperation, such as launching the U card and Spring Festival on-chain red envelope activities. Data shows that the official X platform account just broke through 10,000 followers yesterday, and the platform's TVL exceeded $50 million. After this security incident, it may take some time to rebuild trust.

Odaily will briefly review Infini and this theft incident in this article for readers' reference.

Infini: A Rising PayFi Star with the "Web3 Wealth Management" Concept

According to the official Infini X platform account, the project is committed to building the "next-generation stablecoin digital bank", making it convenient for users to "earn money anytime, anywhere, and pay anytime", targeting the PayFi track and payment + wealth management scenarios.

According to the official website, Infini is a crypto payment method for the general public. Through Infini, users can make instant crypto payments and earn daily interest; there are no monthly/annual fees or regular bank card management fees; virtual cards are currently available, and physical cards will be launched later.

Previously, Infini collaborated with major crypto communities and Chinese KOLs on activities such as "co-branded card fee-free opening", and due to its free card opening fees, online card design, convenient stablecoin recharge, and smooth daily consumption experience, it has gained the favor of many people.

In addition, the Infini team previously launched the "on-chain red envelope" function during the Spring Festival, allowing users to directly send stablecoin red envelopes through links, which was once on par with the exchange red envelope function of exchanges like Binance, and also attracted a lot of traffic by leveraging the holiday heat of the Spring Festival (Odaily note: although the WeChat built-in browser later blocked the Infini red envelope link).

In terms of partners, Infini has also prepared quite a few: including the consumer-level public chain Morpho, the well-known asset management institution COBO, as well as the Ethereum re-pledge protocol and stablecoin protocol Ethena, which are well-known projects in the industry.

Infini's official website partner list

It can be said that Infini's past development has occupied the elements of timeliness, geographical advantages, and human resources.

The timeliness lies in the rise of the PayFi track, and the huge demand gap in the crypto industry for real-life payments. Daily life and Spring Festival holidays are important use cases for crypto payments;

The geographical advantages lie in the diversified income opportunities provided by partners like Morpho. This includes cooperation with on-chain lending protocols (reference Morpho), RWA based on US Treasury bonds (reference Usual), and Delta neutral stablecoin protocols (reference Ethena).

The human resources lie in the industry influence and hands-on promotion of Infini's founder Christian and team members like Junzhu. Especially as an NFT whale, on-chain crypto player, and active angel investor and co-founder of capital institutions, Christian's early promotion has greatly helped Infini find its first batch of seed users.

Unfortunately, "success and failure are both due to Xiaohe", and the fortress of revolution is always breached from within. This security incident faced by Infini was mainly due to problems in the "human resources" link, according to the previous disclosure of Infini co-founder Junzhu, it was an internal engineer who acted maliciously (Odaily note: this tweet has been deleted).

$50 Million Theft Incident: Internal Villain, Project Founder Pays the Bill

Around 11 a.m., according to Certik Alert monitoring, the Ethereum contract 0x9A79f4105A4e1A050Ba0b42F25351D394fA7E1DC appeared abnormal fund transfers, and the receiving address 0x3ac96134fb0e42a52d33045aee50b89790f05ed0 received about $49.5 million and is converting the funds into the stablecoin Dai. Specifically, the account 0xc49b5e5b9da66b9126c1a62e9761e6b2147de3e1 was hacked, and the address 0x8e9b was granted the authority to withdraw all funds, and the attacker has converted all the funds into 17,696 ETH (worth $49 million).

Subsequently, this news was cross-verified by the security agency Peckshield. According to Peckshield's monitoring, the funds stolen from Infini were transferred to a wallet provided by Tornado Cash and converted into DAI, and the 0xc49b wallet's private key may have been compromised.

Subsequently, Infini founder Christian responded on the X platform in a timely manner:

• "Still sorting out and tracking the details, withdrawal is normal, in the worst case scenario full compensation will be made, you can rest assured."

• "My personal private key has not been leaked, no need to worry too much, there was some negligence when transferring the authority before, ultimately it is my responsibility, this has awakened the alarm bell. Thank you all for your voice and support, there is no problem with liquidity, we can fully compensate, and we are tracking the funds."

• "From the theft to now, the cumulative withdrawal request of @0x infini is $500,000, all of which have been responded to, and there are even many friends who continue to deposit money. Currently, all consumption and withdrawal of the product are normal, the only affected part is the wealth management part (because the contract has been suspended and no funds have been transferred, to prevent secondary risks), and it will take some time to come up with and implement a more appropriate solution."

The latest message came about 30 minutes ago, he said: "Of the $50 million stolen, 70% belongs to my friends who are big holders, I have already communicated with them one by one and will personally bear the possible losses and settle privately, the remaining funds will be reinvested into the infini vault before next Monday, business as usual.I have prepared the funds, and I will respond to any withdrawal requests during this time. Sorry, it will take some time to upgrade and restart the business, everything will be done under the premise of ensuring absolute safety of the funds.

Christian is already well-known in the industry, and he also stepped up during the Curve founder's liquidation turmoil, taking over a portion of the CRV tokens through OTC, preventing further expansion of the Curve ecosystem risk. Of course, the rebound in the CRV token price has also become a particularly eye-catching case in his crypto investments.

I believe that the $50 million theft incident of Infini can be properly handled, after all, PayFi is still the current industry hot spot and real demand track.

Aftermath of the Infini Theft Incident: Big Shots Speak Up, the Community Unites Against the Enemy

After the Infini fund theft incident, the crypto community has also responded from different levels, and the main reactions come from the following 2 aspects:

Community Retail Investors: Infini Stolen, CHEEMS Affected

As a representative figure and token holding whale of the CHEEMS community, a BSC Meme project, Christian has long been seen as the "community spokesperson". In early February, he posted that "it can now be confirmed that Binance charges 0 listing fees for Memecoins, and I have just locked up all my CHEEMS tokens to express my support for the BNB Chain and the project." Subsequently, LookonChain monitored that Christian had indeed locked up 86.4 trillion Cheems tokens for six months, with the token value at the time being about $9.12 million.

After the Infini theft incident, CHEEMS suffered a panic sell-off, at one point dropping below $0.00000085, and is currently trading around $0.00000088, with a market cap of around $190 million. In his latest response, Christian said: "I have locked up most of my Cheems positions, and have also bought several million tokens on Binance, which I will not touch. The Infini compensation will not use a penny of Cheems, and I believe these coins will one day be worth five billion dollars. Money can be earned again, but reputation cannot. If we believe we are creating a company worth hundreds of billions in the future, how can we be stopped by the stumbling blocks on the growth path?" This demonstrates his strong confidence in the future development of Infini and CHEEMS.

Du Jun's Support: Willing to Invest $5-10 Million

After the Infini theft incident, ABCDE co-founder Du Jun, who had previously voiced support for Bybit, posted: "Infini's problem is not big, I've talked to the team, and their operational thinking, marketing, and financial strength are all good. Losing a little money is a lesson, and strengthening security capabilities is better than losing a lot of money when the project grows bigger. If needed, I can give 5-10 million, I'm eager to invest." Infini founder Christian also expressed his gratitude for this.

Summary: Temporary Setback, Won't Affect Future Growth

Currently, the theft incident faced by Infini is only a temporary setback. Of course, this incident has also sounded the alarm bell for the Infini team, the PayFi track, and the entire crypto industry. As OneKey founder Yishi said: "Maintain awe for security, don't give yourself a chance to make mistakes, don't leave any loopholes for internal or external malice, and be willing to invest heavily in security, otherwise don't do it."

I believe that after experiencing the security incident, no one will fail to learn the lesson, and this is the price to be paid for running faster in the future. I look forward to the good development of Infini going forward.