Christian Li, the founder of Infini, a stablecoin digital bank, made a bold move by reaching out to the hacker responsible for stealing $49.5 million from the company’s wallets. In a surprising turn of events, Li decided to offer a white-hat agreement and a 20% bounty of the stolen funds to the hacker through a blockchain transaction. This gesture showcased Li’s willingness to acknowledge the hacker’s skills in identifying vulnerabilities in Infini’s protocol and his desire to resolve the situation amicably.
The message accompanying the 0.1 ETH transfer to the hacker’s address highlighted the terms of the white-hat agreement proposed by Li. He assured the hacker that no legal action would be taken if they chose to comply and return the stolen funds. This marked the second interaction between Infini and the hacker through a blockchain transaction, with the first warning issued on the day of the hack itself.
Prior to the hack, Infini had reached a significant milestone by locking in $50 million in total value, only to have a substantial portion of it stolen by the hacker. CertiK, a cybersecurity firm, detected suspicious activity on Feb. 24, prompting further investigation into the unauthorized transfers from an Infini-related contract on the Ethereum network. The hacker managed to gain access to a specific account and withdrew $49.5 million in USDC, which was subsequently exchanged for DAI and used to purchase a significant amount of Ethereum.
Following the hack, Infini’s co-founder reassured customers that they would be reimbursed for any losses incurred. The exploit itself was attributed to a developer who had retained administrative rights to the smart contract, ultimately utilizing these privileges to drain the funds to a separate wallet facilitated by a crypto mixer service. This breach highlighted the importance of safeguarding private keys and monitoring access to sensitive accounts to prevent unauthorized transactions.
The response from Christian Li and Infini’s handling of the situation demonstrated a willingness to negotiate with the hacker and explore alternative solutions to recover the stolen funds. By offering a bounty and legal immunity in exchange for the return of the assets, Infini showcased a commitment to resolving the incident while also emphasizing the importance of cybersecurity measures in the cryptocurrency industry.
Overall, the incident served as a stark reminder of the risks associated with digital assets and the need for robust security protocols to protect against malicious actors seeking to exploit vulnerabilities in the system. As the crypto community continues to evolve, incidents like these underscore the importance of transparency, accountability, and proactive measures to safeguard users’ funds and maintain trust in the ecosystem.