Coming soon

← Back to the graveyard
Infini logo

Infini

Hacked

DeFi · born 2024 · ✝ 2025

A lingering dev privilege let an insider walk off with ~$49.5M.

Infini was a stablecoin-focused neobank and DeFi product on Ethereum. In 2025 a former developer retained admin privileges that were never revoked and used them to drain roughly $49.5M.

Peak
~$49.5M stolen
Cause
Hacked
Year of death
2025

☠️ Cause of death

An overlooked developer privilege was never rotated after offboarding, letting an insider exercise admin control and withdraw funds.

📓 Lessons left behind

  • Revoke and rotate privileges the moment a dev leaves.
  • Admin keys belong behind multisig and timelocks.
  • Audit who can touch funds, not just the code.

🌱 The idea that survived

Privilege hygiene

Reinforced strict access revocation and least-privilege controls over protocol admin rights.

#defi#insider#access-control#admin-key