具有秘密管理員訪問的開發人員從加密支付公司Infini盜竊了5000萬美元的盜竊案

安全公司Cyvers報告說，攻擊者曾從事Infini項目的合同開發。

A rogue developer is being accused of stealing nearly $50 million in USD Coin (USDC) from crypto payments firm Infini after secretly keeping administrative access to the platform.

一名流氓開發商被指控從加密貨幣付款公司Infini竊取了近5000萬美元的美元硬幣（USDC），此前秘密地使行政訪問該平台。

Security firm Cyvers reported that the attacker had worked on the Infini project’s contract development. However, instead of fully relinquishing control after completing the project, the developer allegedly retained admin rights, allowing them to exploit the system.

安全公司Cyvers報告說，攻擊者曾從事Infini項目的合同開發。但是，開發人員據稱保留了管理員權利，而不是在完成該項目後完全放棄控制權，從而使他們可以利用該系統。

The attacker began by funding their wallet with 1 Ether (ETH) from Tornado Cash, a cryptocurrency mixing service often used to hide transaction trails. They then transferred $49.52 million in USDC from Infini using a smart contract they had created in November 2024.

攻擊者首先用龍捲風現金的1醚（ETH）為錢包提供資金，這是一種經常用於隱藏交易步道的加密貨幣混合服務。然後，他們使用2024年11月創建的智能合同從Infini轉移了4952萬美元的USDC。

To prevent the stolen funds from being frozen, the attacker quickly swapped USDC for Dai (DAI), a stablecoin that does not have a freeze function. They then converted the DAI into 17,696 ETH and moved the funds to a secondary address.

為了防止被盜的資金被冷凍，攻擊者迅速將USDC換成了DAI（DAI），Dai（Dai）是一種沒有凍結功能的穩定幣。然後，他們將DAI轉換為17,696 ETH，並將資金轉移到次要地址。

Infini Promises Full Compensation Despite Major Breach

儘管嚴重違反了

Despite the attack, Infini did not pause withdrawals. The company’s founder, Christian Li, stated that full compensation would be provided in a worst-case scenario. He also mentioned that $500,000 had been withdrawn from the platform since the theft.

儘管發生了攻擊，但英菲尼仍未停止戒斷。該公司的創始人克里斯蒂安·李（Christian Li）表示，在最壞的情況下將提供全部賠償。他還提到，自盜竊以來，該平台已從該平台撤回了50萬美元。

Shortly after the hack, an Infini team member named Christine appeared to post on X that the team had identified the engineer responsible and reported them to the police. However, she later deleted the tweet.

黑客攻擊後不久，一名名叫Christine的Infini團隊成員似乎在X上發布了該團隊確定了負責的工程師並將其報告給警察。但是，她後來刪除了這條推文。

Infini Exploit Follows Record-Breaking Bybit Hack

Infini漏洞遵循破紀錄的Bybit Hack

Infini’s attack comes just days after Bybit suffered a $1.4 billion hack, the largest crypto theft in history.

Infini的襲擊是在拜比特（Bybit）遭受14億美元黑客（歷史上最大的加密盜竊案）的幾天后。

Following the Bybit hack, concerns spread about possible insolvency at the exchange. However, instead of shutting down withdrawals, Bybit continued operations and promised to cover any unrecovered losses. To handle the crisis, Bybit secured loans from partners and rival exchanges to meet user withdrawals, which totaled over $5 billion according to DefiLlama data.

遵循Bybit Hack，擔心交易所可能的破產。但是，Bybit繼續操作，而不是關閉撤離，而是承諾要彌補任何未償還的損失。為了應對危機，Bybit獲得了合作夥伴和競爭對手交流的貸款，以滿足用戶提款，根據Defillama數據，總計超過50億美元。

On Feb. 24, Bybit CEO Ben Zhou confirmed that the exchange had fully recovered its lost Ether. Blockchain investigator ZachXBT identified North Korea’s state-sponsored hacker group Lazarus as the primary suspect behind the attack. The same hacker wallet linked to Bybit was also tied to previous attacks on Phemex and BingX, both attributed to Lazarus.

2月24日，Bybit首席執行官Ben Zhou確認該交易所已經完全恢復了其丟失的以太。區塊鏈調查員Zachxbt認為朝鮮國家贊助的黑客集團拉撒路是襲擊的主要嫌疑人。與Bybit相關的相同黑客錢包也與以前對Phemex和Bingx的攻擊有關，這都歸因於Lazarus。

Crypto Security Under Fire After Back-to-Back Attacks

背靠背攻擊後著火的加密安全

Besides Infini and Bybit, other crypto firms have also suffered major crypto theft where attackers stole millions in crypto.

除了Infini和Bybit以外，其他加密貨幣公司還遭受了重大加密盜竊案，攻擊者在加密貨幣中偷走了數百萬美元。

On Feb. 12, decentralized lending protocol zkLend lost $9.5 million in an exploit on Starknet, according to Cyvers. The attacker transferred the stolen funds to Ethereum and attempted to launder them through Railgun, a privacy protocol. However, due to protocol restrictions, Railgun returned the funds to the original address.

據Cyvers稱，2月12日，分散的貸款協議Zklend在Starknet的一項漏洞中損失了950萬美元。攻擊者將被盜的資金轉移到以太坊，並試圖通過一項隱私協議Railgun洗錢。但是，由於協議限制，Railgun將資金退還給原始地址。

Cryptocurrency options exchange Deribit also fell victim to hackers. In November 2024, attackers breached one of its hot wallets and stole $28 million. The exchange reported that the hack only affected its Bitcoin (BTC), Ethereum (ETH), and USDC hot wallets. To prevent further losses, Deribit halted all withdrawals, including those from third-party custodians Copper Clearloop and Cobo.

加密貨幣期權交換也成為黑客的受害者。 2024年11月，襲擊者違反了其中一個熱錢包，偷走了2800萬美元。該交易所報告說，黑客只影響了其比特幣（BTC），以太坊（ETH）和USDC熱錢包。為了防止進一步的損失，deribit停止了所有撤離，包括來自第三方託管人銅和Cobo的撤離。