Hacker Behind $50M Infini Breach Emerges to Purchase $13M in ETH During Price Decline
After remaining dormant for several months, the cryptocurrency wallet associated with the Infini protocol's $50 million security breach has emerged to acquire Ether as prices plummeted during recent market volatility.
A cryptocurrency wallet associated with the $50 million security breach at Infini has re-emerged almost one year following the incident, purchasing Ether during the previous week's price decline before transferring the cryptocurrency through a mixing service.
The wallet address tagged as belonging to the Infini exploiter acquired $13.3 million in Ether (ETH) while the cryptocurrency's value fell to $2,109, subsequently moving the digital assets to the Tornado Cash crypto mixing protocol, based on information from blockchain analytics platform Arkham.
"He seems very good at buying low and selling high," blockchain tracking service Lookonchain said in a Monday X post.
This activity represents the wallet's initial recorded movements since August 2025, during which the identical address disposed of approximately $7.4 million in Ether near the $4,202 price point, which was close to the cryptocurrency's peak value for that year.
Infini exploiter buys ETH dip after massive liquidations
This resurgence in wallet activity occurs amid a significant cryptocurrency market correction. Digital asset markets experienced their 10th-largest liquidation event in history during the previous week, eliminating approximately $2.56 billion in leveraged trading positions, based on information from Coinglass.
Ether's value temporarily declined to $1,811 on Thursday, representing a nine-month price low previously observed at the start of May 2025, according to TradingView data.
This purchase occurs one year following the security incident at stablecoin payment provider Infini, which resulted in a $50 million loss through an exploit believed to have been executed by a former developer who maintained administrative access following project completion, as Cointelegraph reported in February 2025.
The compromised USDC (USDC) was promptly converted to Dai (DAI) stablecoins that lack freezing capabilities. Recent blockchain transactions demonstrate that the perpetrator remains uncaptured with the $50 million in stolen funds, utilizing them to generate additional returns through digital asset trading.
The ETH acquisition indicates the exploiter continues to actively trade the stolen assets, as opposed to converting everything into stablecoins and exiting the market.
Infini launches Hong Kong lawsuit against developer
Approximately one month following the security breach, Infini initiated legal proceedings in Hong Kong against a software developer and multiple unnamed individuals believed to be connected to the $50 million exploit.
Through a March 24 blockchain message directed at the perpetrator, Infini identified developer Chen Shanxuan along with three unnamed parties who possessed access to wallets implicated in the security breach as defendants in the legal action.
The Hong Kong court additionally delivered an injunction order through a blockchain message to the perpetrator's wallet address, which included a writ of summons for the named defendants.
Infini had previously extended an offer of 20% of the bounty to the individuals responsible for the breach, contingent upon the return of the misappropriated funds. The protocol stated it had collected IP and device information regarding the perpetrators.
Cointelegraph reached out to Infini for comment on progress related to the legal dispute and the recovery of the stolen funds, but had not received a response by publication.