Monat: Februar 2025

Veröffentlicht am

SEC drops investigation into Robinhood Crypto

  • Robinhood says the SEC has ended the regulator’s probe into Robinhood Crypto.
  • SEC issued a Wells Notice to Robinhood Crypto in May 2024.
  • SEC’s closing of the Robinhood Crypto investigation comes days after the agency closed a similar probe against Opensea.

The US Securities and Exchange Commission has dropped its investigation into Robinhood’s digital assets arm.

Robinhood announced via blog post on Monday, Feb. 24 that the SEC has closed its enforcement action probe against the company.

“We applaud the staff’s decision to close this investigation with no action,” said Dan Gallagher, chief legal officer of Robinhood Markets.

The SEC’s decision to end its investigation into Robinhood comes just days after another platform, Opensea, said the regulator was ending its probe.

Both Robinhood and Opensea received ‘Wells Notices’ from the SEC in 2024.

Last week, crypto exchange Coinbase also announced the regulator had agreed to dismiss the lawsuit it had filed against the US-based company in 2023.

SEC closes Robinhood probe

In the blog post on Monday, Robinhood said it received communication from the SEC’s Enforcement Division on Friday, Feb. 21.

The letter detailed the agency’s decision to end the investigation into Robinhood Crypto, with no further action. SEC’s Wells Notice alleged potential securities laws violations by the trading platform.

However, Robinhood maintained it had not violated any securities laws and did not offer securities to users.

“This investigation never should have been opened,” Gallagher added. “Robinhood Crypto always has and will always respect federal securities laws and never allowed transactions in securities. As we explained to the SEC, any case against Robinhood Crypto would have failed. We appreciate the formal closing of this investigation, and we are happy to see a return to the rule of law and commitment to fairness at the SEC.”

The SEChas taken a more pro-crypto innovation stance since the exit of former chair Gary Gensler. President Donald Trump’s appointment of pro-crypto individuals into positions at the agency has helped this shift, including the establishment of a crypto task force by acting chair Mark Uyeda.

 

The post SEC drops investigation into Robinhood Crypto appeared first on CoinJournal.

Veröffentlicht am

What we know about the $49.5M Infini exploit so far

  • Infini neobank hacked for $49.5M USDC, swapped for 17,696 ETH
  • The attacker exploited retained admin privileges in Infini’s smart contract
  • Infini’s founder has promised full compensation, citing negligence in authority transfer

Infini, a Hong Kong-based stablecoin neobank blending crypto and traditional finance, has become the latest hack victim, resulting in the loss of $49.5 million in USD Coin (USDC).

The hack, which was reported earlier today, was first flagged by blockchain security firm CertiK at 3:18 AM UTC. The result of the exploit has sent shockwaves through the decentralized finance (DeFi) community, underscoring persistent vulnerabilities in the crypto space, especially following the recent $1.4 billion Bybit hack on February 21, 2025.

The Infini attack

The attack targeted an Infini-related smart contract on the Ethereum blockchain, specifically the address 0x9A79f4105A4e1A050Ba0b42F25351D394fA7E1DC.

According to security analysts from CertiK, Cyvers, Blocksec, and PeckShield, a hacker gained unauthorized access by exploiting retained administrative privileges within the contract. The attacker, operating from the address 0xc49b5e5b9da66b9126c1a62e9761e6b2147de3e1, had initially developed the smart contract for Infini but retained control, unbeknownst to the project.

This insider access allowed the hacker to manipulate the contract’s settings, draining $49.5 million in USDC from what is believed to be the Morpho MEV Capital Usual USDC Vault.

Following the theft, the hacker swiftly converted the stolen USDC into Dai (DAI) and then purchased 17,696 Ethereum (ETH), valued at around $49 million at the time.

The funds were then transferred to a new wallet, 0xfcc8…6e49, and split across multiple addresses, with initial funding traced to Tornado Cash, a privacy tool often used to obscure cryptocurrency transactions. However, at the time of reporting, the ETH remained unmixed, indicating ongoing efforts to trace the hacker’s movements.

Infini’s response

Infini, which launched in 2024 as a digital-only neobank offering stablecoin transactions, crypto card services, and high-yield accounts, has issued an official statement acknowledging the security breach. It states that “all transfers, deposits, withdrawals, and payments remain in normal usage and working status.”

Infini’s founder, Christian Li, took full responsibility for the exploit in a post on X, clarifying that the breach didn’t result from a private key leak but rather his negligence in transferring authority from the developer to the project.

“My personal private key has not been leaked, so there is no need to worry too much. I was negligent when transferring the authority before. It is ultimately my responsibility. This has sounded the alarm… There is no problem with liquidity. Full compensation can be paid, and the funds are being traced,” he wrote.

Despite this reassurance, some on-chain analyses, including from PeckShield, suggest a potential private key compromise, adding complexity to the investigation.

Impact of the exploit

The exploit has raised serious questions about private key management, smart contract security, and the risks of insider threats in DeFi platforms.

Infini, which has experienced meteoric growth, boasting a 500% monthly increase in active users since its inception, particularly after launching its crypto card campaigns, now faces a critical test of its resilience. The neobank’s high-yield products, designed to attract liquidity, inadvertently provided the conditions for the exploit, amplifying the financial impact.

This incident follows closely on the heels of the Bybit exchange hack, which saw a staggering $1.4 billion drained through manipulated smart contract logic.

The similarity in tactics, splitting and mixing ETH, has led on-chain investigator ZachXBT to speculate that the Lazarus hacker group, known for such methods, might be involved, though no direct link to Infini’s attacker has been confirmed.

The rapid succession of these high-profile breaches has reignited calls for robust security protocols across centralized and decentralized crypto platforms.

Interestingly, the influx of stolen ETH into the market has paradoxically catalyzed a small rally, pushing Ethereum’s price above $2,800 for the first time in weeks as exchanges scrambled to replenish reserves.

However, the Infini incident has also sparked concerns about potential money laundering or hostile regime financing, given the use of Tornado Cash and the scale of the theft.

The post What we know about the $49.5M Infini exploit so far appeared first on CoinJournal.