Infini Offers Hacker 20% of Stolen Funds for Swift Return, Threatens Legal Action
Neobank Infini has issued a public warning to the hacker behind its $49.5 million exploit, offering a 20% bounty for the return of the stolen assets within 48 hours. If the funds are not returned, the company has vowed to take legal action.
Infini, a Hong Kong-based prepaid payments card issuer that provides interest on dollar-pegged stablecoins, revealed it had gathered “critical IP and device information” on the attacker. The exploit wiped out nearly all of the platform’s total value locked (TVL), which had just reached $50 million days prior, according to blockchain security firm PeckShield.
This breach follows another high-profile hack, where Bybit lost $1.5 billion in crypto in one of the industry’s largest exploits.
In a direct blockchain message to the hacker, Infini made its offer clear:
“We are closely tracking the address involved and stand ready to freeze any stolen funds if necessary. To resolve this matter amicably, we are willing to offer you 20% of the stolen assets should you choose to return the funds.”
The neobank emphasized that failure to comply within 48 hours would force it to escalate the case, working alongside law enforcement to pursue the perpetrator.
Blockchain security firm Cyvers attributed the exploit to a developer who retained admin rights over Infini’s smart contract. Months after assisting with the contract’s setup, the developer used these privileges to drain funds, later moving them through the cryptocurrency mixer Tornado Cash.
In response, Infini’s founder, Christian Li, has pledged to personally cover the full loss and has taken full responsibility for the incident.
