Hacker Behind Infini Exploit Transfers $7.44 Million Worth of Ethereum as Cryptocurrency Gains
The hacker responsible for the $49.5 million breach at the Infini crypto neobank in February has liquidated part of the stolen assets. According to reports by Arkham Intelligence, the North Korean Lazarus Group is linked to the Bybit hack, but no direct connection has been established between the two incidents.
The hacker sold approximately 1,771 ETH for $7.44 million at around $4,202 per ETH in early August 2025 amid an Ethereum price surge. However, the hacker still holds around 9,154 ETH valued at $38.85 million at current market prices.
Key details on the movements since the breach:
- The hacker exploited admin privileges of a former developer, draining the funds in two transactions and remaining undetected for over 100 days.
- The stolen USDC was converted to Dai (DAI) and then swapped for 17,696 ETH.
- Major transactions include a July 17 movement of 4,501 ETH (~$15 million) sent to Tornado Cash, a privacy tool often used for obscuring transaction trails, following the earlier ETH sale.
- The Infini team pledged full compensation if recovery failed and offered the hacker 20% of the stolen amount for the return of assets. This offer expired on August 13, 2025, but was not accepted.
- The Infini founder has reported the suspected hacker’s computer to police and continues to monitor the hacker’s addresses so that assets can potentially be frozen if moved illegitimately.
Crypto market analysts are monitoring stolen asset flows, especially during periods of ETH price increases, as these provide lucrative opportunities to liquidate. The Infini case remains under active monitoring, with investigators tracking remaining holdings and potential attempts to move or cash out funds.
Last year, more than $2.2 billion in crypto was stolen, with half tied to North Korean groups. The Bybit hack is attributed to the North Korean state-sponsored Lazarus Group, but the connection to the Infini hack remains unclear.
The Infini founder, Christian Li, acknowledged the incident publicly and assured users that liquidity remained unaffected and withdrawals would continue. Despite the incident, Infini continues to operate and is working towards recovering the stolen funds.
- The stolen assets from the Infini crypto neobank breach have been moving across various cryptocurrency platforms, with a significant portion liquidated on a crypto exchange.
- Infini's case is closely monitored by financial experts, technology analysts, and law enforcement agencies.
- The hacker behind the Infini breach has been linked to a series of crypto transactions, including swapping stolen USDC for DAI and later exchanging it for ETH, as reported by sources like Arkham Intelligence and Chainalysis.
- Following the breach, the Infini team has utilized blockchain technology to track the hacker's movements and potentially freeze assets if they are moved illegitimately, demonstrating the importance of this technology in the detection and prevention of crypto-related crimes.