Infini Offers 20% Bounty to Hacker for Return of Stolen $49.5M, Threatens Legal Action
Neobank Infini is attempting to recover nearly $50 million in stolen funds by offering the hacker 20% of the loot if the assets are returned within 48 hours. If the attacker refuses, the company has warned of legal action and a continued investigation with law enforcement.
The prepaid payments card issuer, which provides interest on stablecoin deposits, reported that the exploit drained nearly all the value locked in its wallets, just days after surpassing the $50 million TVL milestone, according to blockchain security firm PeckShield.
The breach is the latest in a string of major crypto hacks, following Bybit’s $1.5 billion exploit last week.
In an on-chain message, Infini addressed the hacker directly:
“We have gathered critical IP and device data linked to this attack. We are closely monitoring the wallet activity and are ready to take immediate action to freeze the funds. However, if you return the assets voluntarily, we are prepared to offer you 20% of the total amount.”
Infini gave the perpetrator a strict 48-hour window to comply, warning that failure to do so would result in further legal and investigative measures.
Blockchain security firm Cyvers identified the attacker as a former developer who retained admin access to Infini’s smart contracts. Months after deployment, they used this backdoor to transfer the funds to an address linked to crypto mixing service Tornado Cash.
Christian Li, Infini’s founder, has publicly taken responsibility for the security breach and committed to reimbursing affected users from his personal funds.
