Months after the massive $49.5 million breach on the decentralized platform Infini, on-chain trackers have revealed the latest move of the attacker. The bad actor has swapped some stolen funds for the stablecoin DAI.
Recall that the hacker swiftly converted the stolen funds into an equivalent amount of DAI after the attack. Subsequently, they exchanged it for 17,696 ETH, when the asset was priced at $2,798. These funds were transferred to a new wallet.
Exploiter Moves 1,770 ETH as Profits Hit $10M
Fast forward to today, and the altcoin has surged significantly in value, boosting the worth of the stash to around $59.6 million. This means that the hacker has over $10 million in unrealized profit.
According to data from Lookchain, the hacker has just sold 1,770 ETH for approximately 5.88 million DAI. This move enabled them to cash in a portion of their unrealized profits and lock in liquidity. That leaves them with around 15,926 ETH worth approximately $53.7 million still sitting in his wallet.
Infini Exploiter is selling $ETH!
Back on Feb 24, the hacker exploited @0xinfini and stole $49.5M to buy 17,696 $ETH at $2,798.
With the rise of $ETH, the 17,696 $ETH are now worth $59.6M — over $10M in unrealized profit.
In the past hour, the hacker has sold 1,770 $ETH for… pic.twitter.com/0RV2tIl3bb
— Lookonchain (@lookonchain) July 17, 2025
The hacker’s decision to move a portion of ETH into DAI suggests a calculated strategy to stabilize holdings and possibly re-enter the market at a later date. Selling ETH grants immediate liquidity and lowers exposure to volatile swings. As a fiat‑pegged stablecoin, DAI acts as a hedge, helping preserve its capital until more favorable conditions emerge.
The Infini Exploit
On February 24, Infini suffered a security breach that resulted in the loss of about $49.5 million in USDC. The attacker was a rogue developer who retained admin access even after the project was completed. He exploited a smart contract backdoor and drained Infini’s USD‑Coin vault in two transactions.
The first phase saw 11,455,666 USDC stolen, which was then followed by a larger theft of 38,060,996 USDC. Following the attack, Infini’s founder, Christian Li, publicly acknowledged the failure, assuring users that their private keys remained secure.
Additionally, he stated that the project was thoroughly investigating the matter to trace the stolen funds and rebuild user trust. The platform also offered the hacker a 20% return bounty and promised full compensation to users.
Meanwhile, the incident is a strong reminder that strong governance, contract audits, and private key hygiene remain non-negotiable in DeFi.












