Betrayal strikes again in the crypto world. Infini’s stablecoin bank just got robbed of a cool $49 million in USDC, making it the biggest DeFi hack of 2025. The February 24 heist wasn’t some complex code trick. Nope. Just plain old retained admin access. Someone who helped build the place kept the keys.
The attacker didn’t waste time. They swapped the USDC to DAI, then converted it to 17,696 ETH before transferring everything to wallet 0xfcc8…6e49. Slick move. They prepped months in advance, creating a contract back in November 2024 and funding it with 1 ETH from Tornado Cash. Then they waited. Over 100 days of patience before striking the Morpho MEV Capital Usual USDC Vault.
This wasn’t some random hacker. This was an inside job. Someone who helped build Infini’s systems deliberately kept admin control after finishing their work. The use of TornadoCash for anonymity represents a common tactic in high-profile crypto breaches. Co-founder Christine has confirmed the team has sufficient funds to compensate all affected users. Talk about a trust issue. It’s like hiring a locksmith who makes an extra key for your house. The absence of distributed ledger security made the system vulnerable to insider exploitation.
Christian Li, Infini’s founder, stepped up to take the fall. He promised full compensation to users and kept withdrawals open. Brave or stupid? Hard to tell. About $500,000 got pulled out right after the hack went public.
Security firms were all over this. CertiK caught the unauthorized transfers first. Then Cyvers Alerts, PeckShield, and Beosin all chimed in with their two cents. They all reached the same conclusion: admin privilege abuse.
This hack follows the massive $1.46B Bybit exchange heist from just days earlier. There’s a pattern here. Convert, split, disappear. Some are drawing connections to North Korean Lazarus Group tactics.
The DeFi world is shook. Again. Smart contract security, developer screening, access controls – all suddenly priority number one. Users are getting tired of these “oops, we got hacked” moments. Trust is wearing thin. Meanwhile, regulators are licking their chops. New rules incoming. Count on it.
