Infini hacker cashes out $16 million in ETH as stolen crypto stash swells to $59 million

A dormant crypto wallet linked to one of the largest exploits of the year has sprung back to life. On 17 July 2025, the wallet associated with the Infini hack began moving funds for the first time since February, when a major security breach drained $49.5 million in USDC from the crypto neobank. The attacker has now begun liquidating part of the stolen funds—at a significant profit—amid rising Ethereum prices. The transactions have reignited concerns over DeFi security, privacy tools like Tornado Cash, and the broader issue of traceability in on-chain crime. Investigators and analysts are closely monitoring the wallet’s activity as more exits may follow. Hacker converts 4,770 ETH amid Ethereum’s price rally On-chain data shows the wallet shifted 4,770 ETH, worth around $16 million at the time, to two separate addresses. One of these transferred 3,000 ETH through Tornado Cash, a privacy protocol often used to obfuscate transaction trails. The other address swapped 1,770 ETH for approximately $5.9 million in DAI, a stablecoin pegged to the US dollar. These are the first observed transactions since the February attack. The transfers appear to be strategic. After converting the stolen USDC into 17,696 ETH at an average price of $2,798, the attacker has benefited from Ethereum’s recent rally. At the current price—above $3,400—the total stash is now worth around $59 million, reflecting a gain of more than $10 million. This suggests the hacker may be looking to lock in profits, though the wallet still retains ETH worth approximately $38 million, indicating the sell-off is far from over. Infini’s recovery hopes dwindle as bounty offer fails Infini’s post-hack attempts to retrieve the stolen funds included a 20% bounty offer and an assurance of no legal repercussions, but the hacker did not respond. With funds now being moved through privacy tools and partially converted into stablecoins, the possibility of recovery appears slimmer than ever. Privacy mixers like Tornado Cash significantly hinder tracing efforts, making further laundering more likely and enforcement more difficult. The attack severely impacted Infini’s operations and reputation. It also raised concerns across the decentralised finance (DeFi) space, particularly regarding access control in smart contracts. Investigations revealed that a developer involved in setting up Infini’s smart contract retained admin privileges. These were later exploited to initiate the transfer of funds out of the platform, underscoring ongoing vulnerabilities in DeFi protocols. One of the largest crypto hacks of 2025 The Infini breach ranks as one of the biggest crypto exploits in 2025, alongside the $1.4 million Bybit hack reported the same month. The breach not only exposed weak governance structures in crypto startups but also renewed scrutiny on how admin permissions are managed. With the recent $16 million movement, the attacker has confirmed their continued access and intent to capitalise on Ethereum’s surge. If further liquidations follow, it could also place short-term selling pressure on ETH prices, although the market has so far absorbed the latest activity without disruption. PeckShieldAlert flagged the transactions on X, drawing renewed attention to the case. As of now, the attacker has not attempted to communicate or respond to any recovery proposals. PeckShieldAlert @PeckShieldAlert · Follow #PeckShieldAlert #Infini Exploiter has transferred 4,770 $ETH (worth ~$16M) to 2 addresses The address 0x7142…fa41 has laundered 3K $ETH via #tornadocash The address 0x762d…F9FB has swapped 1,770 $ETH for ~5.9M $DAI 12:16 PM · Jul 17, 2025 5 Reply Copy link Read 2 replies Meanwhile, the remaining ETH in the wallet suggests more cash-outs may be in the pipeline, particularly if Ethereum continues to gain. The post Infini hacker cashes out $16 million in ETH as stolen crypto stash swells to $59 million appeared first on Invezz

Source: Invezz