Author: Infini
Infini has issued an official statement regarding the recent $50 million fund loss incident, confirming that legal action has been taken through the Hong Kong High Court and comprehensive internal governance and security measures have been strengthened to ensure user asset safety and platform stability. Infini emphasizes that since the incident occurred, core business and user experience have not been affected, with the company's payment card system, deposit, and withdrawal services operating normally, and user funds remaining secure.
Event Progress and Legal Action
Infini has filed a lawsuit with the Hong Kong High Court (Case No. HCA533/2025) and sent court documents to relevant addresses through on-chain information. The plaintiff is BP SG Investment Holding Limited, a Hong Kong-registered company fully owned by Infini Labs.
According to legal documents, Infini's smart contract originally had multi-signature permissions to ensure fund transfer safety. However, in late February 2025, the company discovered that approximately 49,516,662.977 USDC in crypto assets were transferred to multiple unknown wallet addresses without multi-signature approval.
Currently, Infini has taken the following legal measures:
· Applied to the court for an asset freezing order to prevent the involved parties from transferring or disposing of the relevant funds;
· Requested wallet controllers to disclose their identities to facilitate further asset tracing;
· Applied for extraterritorial service permission to support cross-jurisdictional legal actions.
Incident Causes and Security Improvement Measures
Infini states that the core cause of the incident was a vulnerability in permission management. Although the company designed a multi-signature mechanism in the smart contract, certain operations may have retained special permissions, allowing funds to be transferred without formal approval. This incident reflects that as enterprise scale and asset management complexity increase, technical security and governance mechanisms need continuous improvement.
In response, Infini is comprehensively upgrading its fund safety management system, including:
· Redesigning smart contract permission architecture to ensure no single point of failure risk;
· Strictly implementing multi-signature mechanisms, with all fund transfers requiring independent approval from multiple management personnel;
· Introducing third-party security audit institutions to conduct in-depth contract code reviews;
· Establishing 24/7 on-chain monitoring systems to detect and warn of abnormal transactions in real-time;
· Completely separating user funds from company operational funds and entrusting them to professional asset custody institutions.
User Asset Safety and Business Stability
Infini reiterates that this incident primarily affects the company's operational funds, with user deposit assets remaining unaffected. The company's payment card system, deposit, and withdrawal services continue to operate normally, and users can continue to use all services.
Additionally, to further enhance user confidence, the company plans to launch a series of guarantee and optimization measures, including:
· Further strengthening transaction security management and optimizing risk control processes;
· Increasing platform transparency by regularly publishing security governance and audit reports;
· Continuously optimizing the customer service system to ensure users can obtain the latest information promptly.
Industry Insights and Future Development
Infini believes that this incident exposes challenges in technical security and governance structures in the crypto industry, and enterprises must pay more attention to security architecture and risk management during rapid development. Key experiences include:
· Technical security and permission management must be strengthened simultaneously to avoid potential risks from single control points;
· Critical smart contracts must undergo strict multi-party independent audits to ensure system robustness;
· Risk monitoring and warning mechanisms need continuous optimization to enhance abnormal transaction detection and response capabilities.
Infini is also actively promoting compliance with multiple global jurisdictions and plans to complete payment license applications for major markets by the third quarter of 2025.
Simultaneously, the company is adjusting its development team management structure, with specific measures including:
· Strengthening code review processes to ensure all critical contracts undergo strict verification before deployment;
· Clarifying development specifications to eliminate unauthorized permission settings and hidden functions;
· Establishing a risk management committee with independent experts to supervise important fund decisions.
Long-term Operations and User Commitment
Despite challenges, Infini will continue to execute its product roadmap and plans to launch Apple Pay and Google Pay support in the second quarter of 2025 while expanding global market coverage.
Infini states that this incident will drive comprehensive upgrades in security and governance to ensure long-term stable operations and continue providing users with secure and efficient crypto payment services.
