- Infini hacker converted $49.5M DAI into 17,700 ETH, raising laundering fears.
- Tornado Cash is used to obscure stolen funds, complicating asset recovery efforts.
- Experts stress audits, multi-signature wallets, and user education for security.
The crypto world is freaking out again after two significant breaches involving Infini and Tornado Cash resulted in $49.5 million lost. On February 24, 2025, blockchain security firm PeckShield reported that Infini lost $49.5 million in DAI. The hacker converted the stolen funds into 17,700 ETH and moved them to a new wallet (0xfcc8a…6e49).
In a separate but equally bad news, a private key for the address (0xc49b…e3e1) was leaked, and funds were transferred through Tornado Cash. Both breaches highlight the growing concerns over DeFi vulnerability, especially private key management.
How the Breaches Went Down and Platforms Reacted
The Infini hack started with 49.5 million USDC stolen from the platform. The attacker converted the USDC to DAI and then to ETH. After the conversion, they moved the assets to a new wallet address. Infini founder Christian Li addressed the community and said they would reimburse the affected users. “Don’t worry; we will pay the full amount. The engineer involved has been identified, and a police report has been filed,” Li said.
Meanwhile, PeckShield revealed the Tornado Cash incident. A community member flagged suspicious transactions with the compromised wallet. Investigations showed the hacker funneled funds through Tornado Cash to hide the transaction trail. The stolen assets were then swapped to DAI to stabilize the value of the funds and make recovery more complex.
Security Flaws Everywhere
Both incidents show major security weaknesses. The Infini breach was due to an access control flaw. Tornado Cash was due to leaked credentials. These weaknesses are everywhere in DeFi platforms. Experts say we need to have preventive measures. Regular security audits help detect and fix system flaws before they are exploited. Multi-signature wallets can prevent single points of failure as they require multiple approvals for large transfers.
User education is also key to securing wallets and recognizing scams. Infini’s quick response and cooperation with authorities comforted the affected community. But the timing is alarming as it follows a $1.4 billion Bybit hack just last week. These frequent big hacks call for stricter security and transparency in crypto platforms.
We Need Better Security Standards Now
The recent hacks show we need better protections. Regular security audits are still necessary to detect and fix vulnerabilities. A multi-signature wall provides an extra layer of security, as no one can transfer without multiple approvals. User education on safe wallet practices and how to spot phishing is also essential. Together, these can help strengthen our defenses as the cryptocurrency grows and evolves.
