In the latest blow to the cryptocurrency industry’s security, Infini Neobank has suffered a $49.5 million breach, just days after Bybit’s staggering $1.4 billion exploit. The Infini attack saw funds drained from its platform, converted into Ethereum, and moved to an unknown wallet, raising fresh concerns over private key management and digital asset security.
Blockchain security firm CertiK was among the first to flag suspicious transactions early on February 24. The firm reported unauthorized transfers from an Infini-related Ethereum contract (0x9A79…), where the attacker gained access to the contract’s authority and withdrew 49.5 million USD Coin (USDC).
According to Lookonchain, the stolen USDC was immediately converted into 49.5 million DAI, which was then used to purchase 17,696 ETH at a rate of $2,798 per coin. The attacker subsequently transferred the funds to a new wallet (0xfcc8…6e49), making tracking and potential recovery more difficult.
Infini co-founder Christian (@Christianeth) acknowledged the breach on social media, confirming that customer funds would be reimbursed.
“Please rest assured that we will definitely compensate you and we can afford it,” he wrote.
However, he admitted to mistakes in transferring platform authority, stating,
“My personal private key has not been leaked… I was negligent when transferring the authority before. It is ultimately my responsibility.”
Despite Christian’s assurance that Infini remains liquid and fully capable of covering the loss, the breach raises alarms about centralized control over crypto wallets and the vulnerabilities of neobanks that integrate blockchain-based services.
Bybit Faces Unprecedented $1.4 Billion Security Breach
Infini’s hack follows the largest crypto heist in history, a $1.4 billion attack on Bybit, the world’s second-largest cryptocurrency exchange by trading volume. The breach, which took place on February 21, involved an attacker exploiting smart contract logic to drain Bybit’s multisignature cold wallet. Unlike Infini’s exploit, which stemmed from administrative oversight, Bybit’s security lapse was protocol-based, allowing the attacker to bypass key authentication layers.
Bybit’s CEO Ben Zhou quickly sought to reassure users, stating, “Bybit is solvent even if this hack loss is not recovered, all of clients’ assets are 1-to-1 backed.” Despite these assurances, the exchange has faced an overwhelming surge of withdrawal requests—over 350,000 since the attack—causing delays in processing transactions.
In an effort to recover stolen assets, Bybit has launched a $140 million bounty program, calling on top cybersecurity professionals and blockchain analysts to trace the stolen funds. The firm has also engaged forensic blockchain experts and law enforcement agencies in an attempt to mitigate damages. Some reports speculate that North Korean state-backed hacking groups, such as the Lazarus Group, may be behind the breach, though no formal attribution has been made.
Industry Fallout and Security Implications
The consecutive attacks on Infini and Bybit have rattled the crypto industry, sparking renewed concerns over security vulnerabilities in both centralized and decentralized financial platforms. Infini’s breach highlights the risks of improper key management, while Bybit’s case underscores the potential weaknesses of smart contract execution in high-value transactions.
Both incidents have also led to speculation about regulatory scrutiny and investor confidence. Given the scale of these hacks, industry analysts predict a tightening of security protocols, with exchanges and financial institutions likely to accelerate efforts to implement multi-layered security defenses.
The full extent of the financial and reputational damage to both Infini and Bybit remains uncertain. However, with billions at stake, the pressure is on for crypto firms to fortify their defenses before another high-profile breach shakes the industry once again.
