Edited | Cat Brother Wu Blockchain
Background
On February 24, the Web3 credit card and wealth management project Infini was hacked, and $49.5 million worth of funds flowed out of the Morpho MEVCapital Usual USDC Vault. Infini founder Christian said at the time that "70% of the $50 million stolen belongs to my friends, the big players I know, and I have already communicated with them one by one and will personally bear the possible losses. The remaining funds will be reinvested into the Infini vault before next Monday, and everything will be as usual." He also stated that he was willing to pay 20% of the stolen amount as a ransom to the hacker and promised that if the funds were returned, no legal action would be taken.
At 8 pm on February 24, the Infini Team sent an on-chain message to Infini Exploiter 2: 0xfc...6e49:
We hereby notify you that we have obtained key IP and device information about your attack on Infini, thanks to the strong support of top exchanges, security agencies, partners, and our community. We are closely monitoring the relevant addresses and are ready to freeze the stolen funds at any time. To resolve this peacefully, we are willing to provide 20% of the stolen assets as a reward, provided that you choose to return the funds. Once we receive the returned funds, we will stop further tracking or analysis, and you will not face any liability. We urge you to take action within the next 48 hours to reach a solution as soon as possible. If we do not receive your response within the deadline, we will have no choice but to continue cooperating with local law enforcement to thoroughly investigate this incident. We sincerely hope to reach a solution that is most beneficial to all parties.
On February 26, the Infini Team sent another on-chain message to the same address:
More than 48 hours have passed since the attack incident, and we hereby provide you with one last opportunity to return the stolen funds. If you choose to return the funds, we will immediately stop all tracking and analysis, and you will not face any consequences. Please send 14,156 ETH (80% of the stolen funds) to our Cobo custodial wallet:
Wallet address: 0x7e857de437a4dda3a98cf3fd37d6b36c139594e8
On February 27, Christian stated that the Infini hacking incident had been officially filed in Hong Kong.
Regarding the funds, the hacker address 0x3a...5Ed0 exchanged 49.52 million USDC for an equivalent amount of DAI through Sky (MakerDAO) on the 24th, and then exchanged the DAI for approximately 17,700 ETH through Uniswap in multiple transactions, sending them to the new address 0xfcC8Ad911976d752890f2140D9F4edd2c64a6e49. Since then, these funds have not been transferred further (presumably the defendant is already under the control of law enforcement), but due to the recent drop in ETH prices, this ETH is currently worth only $35.15 million.
https://intel.arkm.com/explorer/address/0xfcC8Ad911976d752890f2140D9F4edd2c64a6e49
Litigation Content
At 6 pm on March 20, the Infini Team sent an on-chain message to Infini Exploiter 2: 0xfc...6e49, warning the relevant addresses that the $50 million lost by Infini in the attack is the subject of ongoing legal proceedings and is in dispute, and that any subsequent holders (if any) of the cryptocurrencies that were once in the aforementioned wallets cannot claim to be "good faith purchasers".
Additionally, the message included a link to the court litigation documents, with the specific content as follows:
The plaintiff is Chou Christian-Long, the CEO of BP SG Investment Holding Limited, a Hong Kong-registered company wholly owned by Infini Labs. The first defendant is Chen Shanxuan, who works remotely in Foshan, Guangdong, and the second to fourth defendants' true identities are temporarily unknown.
The plaintiff and BP Singapore co-developed a smart contract for managing company and client funds, which was primarily written by the first defendant. The contract originally had multi-signature (multisig) permissions to strictly control any fund withdrawals.
When the contract was deployed to the mainnet, the first defendant allegedly retained the highest-level "super admin" authority, but falsely told other team members that he had "transferred" or "removed" this authority.
In late February 2025, the plaintiff discovered that cryptocurrency assets worth approximately $49,516,662.977 USDC had been transferred to several unknown wallet addresses (controlled by the second to fourth defendants) without multi-signature authorization.
Fearing that the defendants or unidentified individuals would further transfer or launder the assets, the plaintiff applied to the court for:
1. A "restraining order" to restrict the transfer or disposal of the stolen assets by the first defendant and related unidentified persons;
2. Ordering the defendants or actual controllers of the relevant wallets to self-disclose their identities;
3. Issuing various mandatory orders to the first defendant and other unknown wallet holders prohibiting the disposal of the assets;
4. Requesting the disclosure of transaction and asset information from the other party;
5. Allowing the plaintiff to "serve overseas" (i.e., serve legal documents to overseas defendants) and alternative methods of service.
In the text of one of the affidavits, the plaintiff stated: "I have just learned that the first defendant has a serious gambling habit and may be burdened with huge debts. I believe this prompted him to steal the assets involved in the case to alleviate his own debt." The plaintiff also submitted screenshots of relevant chat records to prove that the first defendant "may be in huge debt".
According to the statements in the affidavit, the first defendant also borrowed funds from different channels in a relatively short period of time, and even allegedly contacted "underground money houses" or so-called "loan sharks", resulting in the pressure of high interest rates and debt collection calls. Exhibit "CCL-17" mentioned that he sought help from others in chats, saying he was burdened with "interest from several families", and constantly asked if he could borrow more money to get through the difficult times or requested that the other party help introduce new funding sources.
Shortly before the case occurred, the first defendant had revealed in the work group or in private exchanges with colleagues/friends that his financial situation was "very tight", and even expressed anxiety that "if I can't get the money again, something will happen." These statements almost coincided with the time point of the unauthorized transfer of the company's cryptocurrency assets, further strengthening the plaintiff's judgment of the first defendant's "motive": he may have taken the risk due to the pressure of huge debts.
According to the plaintiff's statement, when asked about his personal finances or gambling problems, the first defendant often evaded or gave only vague answers, and was evasive about the exact amount of his debts and whether he was still gambling. The affidavit pointed out that the first defendant claimed "no big problem" from late October to just before the incident, but the content he discussed in the chat software was clearly contradictory to this.
The plaintiff is concerned that if the first defendant is urgently repaying gambling debts or trying to recoup his losses, he may continue to quickly transfer the stolen digital assets to other wallets or cash them out off-chain, making them even harder to trace. Therefore, the plaintiff urgently applied to the court for a global asset freezing order and requested that the first defendant and other unknown wallet holders disclose and return the cryptocurrency assets involved in the case.
Bane, a partner at Kronos Research, said the team still has a lot of outrageous life-related materials that have not been presented in the court documents, but are more or less not directly related to the case, and they are still more focused on recovering the funds themselves. When all the evidence points to someone in a team that everyone used to trust very much, everyone is very surprised. But motive is motive, everything is based on facts, and we believe the law will bring a just result. Until the final gavel falls, he is still a suspect.
Bane stated that the team always felt that the super permissions had been transferred to the multi-signature, but he used the OpenZeppelin permission library, which has always been many-to-many. So the initial dev wallet's permissions were never relinquished. During deployment, people generally use EOAs, and after deployment, they transfer the permissions to the multi-signature. After the contract was created, the dev wallet he controlled, based on the initial settings of the OpenZeppelin permission library, had the default super admin[0] permission. He later transferred this super admin permission to the multi-signature, and in the chat record, he lied that he had already relinquished the EOA, but the revoke transaction had never been issued. He later said he thought the permission management was one-to-one rather than many-to-many, meaning he lied that once the permission was granted to the multi-signature, the dev wallet's permission would automatically be relinquished. Based on the trust relationship, no one double-checked the contract status, resulting in a tragedy.
The defendant later stated: "It's my fault, I forgot to revoke the permissions, a very, very basic mistake."
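The many-to-many role behaviour described above can be verified from a contract's event log instead of being taken on trust. The following is an added example, not code from Infini or from the court documents: it replays OpenZeppelin-style AccessControl RoleGranted/RoleRevoked events and reports any address outside an allowlist that still holds a role. The addresses, block numbers, sample events and function names are constructed assumptions.

```python
"""Replay AccessControl role events and flag holders outside an allowlist."""
from collections import defaultdict

# In OpenZeppelin AccessControl, DEFAULT_ADMIN_ROLE is bytes32(0).
DEFAULT_ADMIN_ROLE = "0x" + "00" * 32

# Constructed placeholder addresses, not taken from the incident.
DEV_EOA = "0x" + "11" * 20
MULTISIG = "0x" + "Ab" * 20  # mixed case, as a checksummed address would be

# Constructed sample log entries: (block, event, role, account).
SAMPLE_EVENTS = [
    (100, "RoleGranted", DEFAULT_ADMIN_ROLE, DEV_EOA),           # at deployment
    (105, "RoleGranted", DEFAULT_ADMIN_ROLE, MULTISIG.lower()),  # handover grant
]


def role_holders(events):
    """Return {role: set(accounts)} after applying the events in block order."""
    holders = defaultdict(set)
    # sorted() is stable, so same-block events keep their input (log) order.
    for _block, name, role, account in sorted(events, key=lambda e: e[0]):
        members = holders[role.lower()]
        if name == "RoleGranted":
            members.add(account.lower())      # adds a member, removes nobody
        elif name == "RoleRevoked":           # emitted on revoke and renounce
            members.discard(account.lower())
    return {role: m for role, m in holders.items() if m}


def unexpected_holders(events, allowed):
    """Return {role: [accounts]} for holders that are not in `allowed`."""
    allowed = {a.lower() for a in allowed}
    report = {}
    for role, members in role_holders(events).items():
        extra = sorted(members - allowed)
        if extra:
            report[role] = extra
    return report


if __name__ == "__main__":
    # Grant to the multisig alone: the deployer EOA is still an admin.
    print(unexpected_holders(SAMPLE_EVENTS, {MULTISIG}))
    # After an explicit revoke, only the multisig remains.
    revoked = SAMPLE_EVENTS + [(106, "RoleRevoked", DEFAULT_ADMIN_ROLE, DEV_EOA)]
    print(unexpected_holders(revoked, {MULTISIG}))
```

An empty report after the handover is the condition to require before funds are moved into the contract; a non-empty one means a revoke or renounce transaction is still outstanding.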
The case has not yet been adjudicated, and the litigation documents submitted include a large number of chat records from the first defendant. Interested readers can download the original file:
Link: https://howsewilliams-my.sharepoint.com/:f:/p/regulatory/EtrvPWcvev1An5eEDMRNoRgBc1Ih7x0l6dR-Cf-0E-rC8Q?e=1g9OPJ
Extraction password: D1234@5##