具有秘密管理员访问的开发人员从加密支付公司Infini盗窃了5000万美元的盗窃案

安全公司Cyvers报告说，攻击者曾从事Infini项目的合同开发。

A rogue developer is being accused of stealing nearly $50 million in USD Coin (USDC) from crypto payments firm Infini after secretly keeping administrative access to the platform.

一名流氓开发商被指控从密码付款公司Infini中窃取了近5000万美元的美元硬币（USDC），此前秘密地使行政访问该平台。

Security firm Cyvers reported that the attacker had worked on the Infini project’s contract development. However, instead of fully relinquishing control after completing the project, the developer allegedly retained admin rights, allowing them to exploit the system.

安全公司Cyvers报告说，攻击者曾从事Infini项目的合同开发。但是，开发人员据称保留了管理员权利，而不是在完成该项目后完全放弃控制权，从而使他们可以利用该系统。

The attacker began by funding their wallet with 1 Ether (ETH) from Tornado Cash, a cryptocurrency mixing service often used to hide transaction trails. They then transferred $49.52 million in USDC from Infini using a smart contract they had created in November 2024.

攻击者首先用龙卷风现金的1醚（ETH）为钱包提供资金，这是一种经常用于隐藏交易步道的加密货币混合服务。然后，他们使用2024年11月创建的智能合同从Infini转移了4952万美元的USDC。

To prevent the stolen funds from being frozen, the attacker quickly swapped USDC for Dai (DAI), a stablecoin that does not have a freeze function. They then converted the DAI into 17,696 ETH and moved the funds to a secondary address.

为了防止被盗的资金被冷冻，攻击者迅速将USDC换成了DAI（DAI），Dai（Dai）是一种没有冻结功能的稳定币。然后，他们将DAI转换为17,696 ETH，并将资金转移到次要地址。

Infini Promises Full Compensation Despite Major Breach

尽管严重违反了

Despite the attack, Infini did not pause withdrawals. The company’s founder, Christian Li, stated that full compensation would be provided in a worst-case scenario. He also mentioned that $500,000 had been withdrawn from the platform since the theft.

尽管发生了攻击，但英菲尼仍未停止戒断。该公司的创始人克里斯蒂安·李（Christian Li）表示，在最坏的情况下将提供全部赔偿。他还提到，自盗窃以来，该平台已从该平台撤回了50万美元。

Shortly after the hack, an Infini team member named Christine appeared to post on X that the team had identified the engineer responsible and reported them to the police. However, she later deleted the tweet.

黑客攻击后不久，一名名叫Christine的Infini团队成员似乎在X上发布了该团队确定了负责的工程师并将其报告给警察。但是，她后来删除了这条推文。

Infini Exploit Follows Record-Breaking Bybit Hack

Infini漏洞遵循破纪录的Bybit Hack

Infini’s attack comes just days after Bybit suffered a $1.4 billion hack, the largest crypto theft in history.

Infini的袭击是在拜比特（Bybit）遭受14亿美元黑客（历史上最大的加密盗窃案）的几天后。

Following the Bybit hack, concerns spread about possible insolvency at the exchange. However, instead of shutting down withdrawals, Bybit continued operations and promised to cover any unrecovered losses. To handle the crisis, Bybit secured loans from partners and rival exchanges to meet user withdrawals, which totaled over $5 billion according to DefiLlama data.

遵循Bybit Hack，担心交易所可能的破产。但是，Bybit继续操作，而不是关闭撤离，而是承诺要弥补任何未偿还的损失。为了应对危机，Bybit获得了合作伙伴和竞争对手交流的贷款，以满足用户提款，根据Defillama数据，总计超过50亿美元。

On Feb. 24, Bybit CEO Ben Zhou confirmed that the exchange had fully recovered its lost Ether. Blockchain investigator ZachXBT identified North Korea’s state-sponsored hacker group Lazarus as the primary suspect behind the attack. The same hacker wallet linked to Bybit was also tied to previous attacks on Phemex and BingX, both attributed to Lazarus.

2月24日，Bybit首席执行官Ben Zhou确认该交易所已经完全恢复了其丢失的以太。区块链调查员Zachxbt认为朝鲜国家赞助的黑客集团拉撒路是袭击的主要嫌疑人。与Bybit相关的相同黑客钱包也与以前对Phemex和Bingx的攻击有关，这都归因于Lazarus。

Crypto Security Under Fire After Back-to-Back Attacks

背靠背攻击后着火的加密安全

Besides Infini and Bybit, other crypto firms have also suffered major crypto theft where attackers stole millions in crypto.

除了Infini和Bybit以外，其他加密货币公司还遭受了重大加密盗窃案，攻击者在加密货币中偷走了数百万美元。

On Feb. 12, decentralized lending protocol zkLend lost $9.5 million in an exploit on Starknet, according to Cyvers. The attacker transferred the stolen funds to Ethereum and attempted to launder them through Railgun, a privacy protocol. However, due to protocol restrictions, Railgun returned the funds to the original address.

据Cyvers称，2月12日，分散的贷款协议Zklend在Starknet的一项漏洞中损失了950万美元。攻击者将被盗的资金转移到以太坊，并试图通过一项隐私协议Railgun洗钱。但是，由于协议限制，Railgun将资金退还给原始地址。

Cryptocurrency options exchange Deribit also fell victim to hackers. In November 2024, attackers breached one of its hot wallets and stole $28 million. The exchange reported that the hack only affected its Bitcoin (BTC), Ethereum (ETH), and USDC hot wallets. To prevent further losses, Deribit halted all withdrawals, including those from third-party custodians Copper Clearloop and Cobo.

加密货币期权交换也成为黑客的受害者。 2024年11月，袭击者违反了其中一个热钱包，偷走了2800万美元。该交易所报告说，黑客只影响了其比特币（BTC），以太坊（ETH）和USDC热钱包。为了防止进一步的损失，deribit停止了所有撤离，包括来自第三方托管人铜和Cobo的撤离。