Infini responds to $50 million fund loss incident: Strengthening governance mechanisms to safeguard user assets
TechFlow Selected TechFlow Selected
Infini responds to $50 million fund loss incident: Strengthening governance mechanisms to safeguard user assets
Since the incident, Infini's core operations and user experience have been unaffected. The company's payment card system, as well as deposit and withdrawal services, are operating normally, ensuring the safety of user funds.
Navigating Web3 tides with focused insightsAuthor: Infini
Infini has issued an official statement regarding the recent incident involving the loss of $50 million in funds, confirming that legal action has been initiated through the Hong Kong High Court and that internal governance and security measures have been comprehensively strengthened to ensure user asset safety and platform stability. Infini emphasized that since the incident, core operations and user experience have remained unaffected, with the company's payment card system, deposits, and withdrawals functioning normally, and user funds remaining secure.
Incident Update and Legal Actions
Infini has filed a lawsuit with the Hong Kong High Court (Case No. HCA 533/2025) and delivered court documents to relevant blockchain addresses via on-chain messaging. The plaintiff is BP SG Investment Holding Limited, a Hong Kong-registered company wholly owned by Infini Labs.
According to the legal filings, Infini’s smart contracts originally implemented a multi-signature authorization mechanism to safeguard fund movements. However, in late February 2025, the company discovered that approximately 49,516,662.977 USDC in crypto assets had been transferred to multiple unknown wallet addresses without proper multi-signature approval.
To date, Infini has taken the following legal actions:
· Applied to the court for a provisional asset freezing order to prevent the disposal or transfer of the disputed funds;
· Requested disclosure of identities from the controlling parties of the involved wallets to facilitate asset tracing;
· Sought leave for service outside the jurisdiction to support cross-border legal proceedings.
Root Cause and Security Enhancements
Infini stated that the root cause was a vulnerability in permission management. Although the smart contracts were designed with multi-signature safeguards, certain operations retained special privileges that allowed fund transfers without formal approval. This incident highlights the need for continuous improvement in technical security and governance mechanisms as business scale and asset management complexity grow.
In response, Infini is comprehensively upgrading its fund security management framework, including:
· Redesigning the smart contract permission architecture to eliminate single points of failure;
· Enforcing strict multi-signature protocols requiring independent approvals from multiple authorized personnel for all fund transfers;
· Engaging third-party security auditing firms to conduct in-depth code reviews of all smart contracts;
· Implementing a 24/7 on-chain monitoring system to detect and alert on anomalous transactions in real time;
· Fully segregating user funds from corporate operating funds, with custodial management entrusted to professional asset custody providers.
User Asset Safety and Operational Stability
Infini reiterated that the incident primarily impacted corporate operating funds, with no effect on user deposit assets. The company’s payment card system, along with deposit and withdrawal services, continues to operate normally, allowing users uninterrupted access to all platform functionalities.
To further strengthen user confidence, the company plans to roll out a series of protective and optimization initiatives, including:
· Strengthening transaction security management and refining risk control procedures;
· Increasing platform transparency by regularly publishing security governance and audit reports;
· Continuously improving customer support systems to ensure timely communication of updates to users.
Industry Implications and Future Development
Infini believes this incident reveals ongoing challenges within the crypto industry concerning technical security and governance structures. As companies scale rapidly, greater emphasis must be placed on robust security architecture and risk management. Key lessons learned include:
· Technical security and permission controls must evolve in tandem to mitigate risks associated with centralized control;
· Critical smart contracts must undergo rigorous, independent, multi-party audits to ensure system resilience;
· Risk monitoring and early-warning systems require continuous refinement to enhance detection and response to suspicious activities.
Infini is also actively advancing compliance alignment across multiple global jurisdictions and aims to complete applications for payment licenses in key markets by Q3 2025.
Additionally, the company is restructuring its development team management, including:
· Strengthening code review processes to ensure rigorous validation prior to deployment of critical contracts;
· Establishing clear development standards to prohibit unauthorized permissions or hidden functionalities;
· Forming a Risk Management Committee composed of independent experts to oversee major financial decisions.
Long-Term Operations and Commitment to Users
Despite current challenges, Infini remains committed to its product roadmap and plans to launch support for Apple Pay and Google Pay in Q2 2025, while expanding its global market reach.
Infini stated that this incident will drive comprehensive upgrades in security and governance, ensuring long-term operational stability and continuing to deliver secure, efficient cryptocurrency payment services to users worldwide.
Join TechFlow official community to stay tuned
Telegram:https://t.me/TechFlowDaily
X (Twitter):https://x.com/TechFlowPost
X (Twitter) EN:https://x.com/BlockFlow_News
@0xinfini
