Infini Announces Reward Program to Retrieve Funds Lost in $49 Million Security Breach

Infini Offers Hacker 20% of Stolen Funds, Warns of Legal Action if Not Returned

Hong Kong-based neobank Infini has reached out to the hacker responsible for a $49.5 million exploit, offering 20% of the stolen funds as a bounty if they are returned within 48 hours. Failure to comply, the company warned, would result in legal action.

Infini, which issues prepaid payment cards and provides yield on dollar stablecoin deposits, revealed that it had collected “critical IP and device information” about the attacker. The breach drained nearly all of Infini’s total value locked (TVL), which had just surpassed $50 million days before, according to security firm PeckShield.

The incident comes on the heels of another massive attack in the crypto space, with Bybit suffering a $1.5 billion exploit, marking one of the largest thefts in the industry’s history.

In a blockchain message to the perpetrator, Infini stated:
“We are actively monitoring the address involved and are prepared to freeze any stolen assets if necessary. However, to settle this matter amicably, we are offering you 20% of the stolen funds if they are returned within 48 hours.”

The company stressed that if the hacker does not comply, it will escalate the case in collaboration with law enforcement agencies.

According to blockchain security firm Cyvers, the breach was made possible by a developer who helped set up Infini’s smart contract and secretly retained administrative privileges. Months later, they used these rights to drain the funds, which were then funneled through the crypto mixer Tornado Cash.

In response, Infini’s founder, Christian Li, has taken full responsibility for the incident and pledged to reimburse affected users from his personal funds.