Home Industry News science events
  • 简体中文
  • English
  • 简体中文
  • English
Home > Industry News > News detail

Earning millions a year but addicted to contracts: An insider staged a $50 million theft?

Blockchain editor
22 Mar 2025 10:29:07 AM
He used to be a technical engineer at an exchange with an annual income of one million yuan, but he was addicted to 100-fold contract gambling and messed up everything.Blockchain data platform Etherscan shows that the stablecoin digital ban
Earning millions a year but addicted to contracts: An insider staged a $50 million theft?

He used to be a technical engineer at an exchange with an annual income of one million yuan, but he was addicted to 100-fold contract gambling and messed up everything.

Blockchain data platform Etherscan shows that the stablecoin digital bank Infini team sent a lawsuit notice to a hacker address (0xfc…6e49) through an on-chain message, and attached detailed court lawsuit documents. This case involves the theft of assets as high as 49.51 million USDC, which has attracted widespread attention in the industry.

The plaintiff in the lawsuit is Chou Christian-Long, CEO of BP SG Investment Holding Limited, a wholly-owned subsidiary of Infini Labs. One of the defendants is Chen Shanxuan (Chinese name Chen Shanxuan), an engineer based in Foshan, Guangdong, China. The identities of the other two to four defendants have not yet been confirmed.

Infini was stolen at the end of February this year. Only one month later, the suspect has been officially locked in? What is the truth?

Privately retaining administrator privileges and huge amounts of money stolen

According to the lawsuit documents, Infini is a digital bank that combines cryptocurrency and traditional financial services. Its core business includes providing payment solutions, high-yield accounts and cryptocurrency card services through stablecoin USDC. Plaintiff Chou Christian-Long stated in the document that Infini worked with BP Singapore to develop a smart contract to manage the secure storage and transfer of company and customer funds. The contract was written by the first defendant Chen Shanxuan and designed a multi-signature mechanism to ensure that any fund transfer must be approved by multiple authorized personnel to improve the security of funds.

However, things took a dramatic turn after the smart contract was launched on the mainnet. The lawsuit claims that Chen privately retained the super administrator privileges during the contract deployment process and lied to other members of the team that the privileges had been removed or transferred.

On February 24, the plaintiff discovered that approximately 49.51 million USDC were transferred out of the fund pool without authorization, and the funds flowed to multiple unknown wallet addresses without multi-signature verification. After preliminary investigation, the funds were subsequently exchanged for DAI and quickly purchased 17,696 Ethereum (ETH), which were eventually dispersed to multiple addresses, some of which could be traced back to the privacy tool Tornado Cash.

A highly praised engineer earns a million a year, but is addicted to gambling with 100-fold contracts and messes everything up

The lawsuit documents reveal that the first defendant, Chen Shanxuan, is employed by BP Singapore, a subsidiary of Infini, but his main workplace is in Foshan City, Guangdong Province, China, and he works remotely. As the main developer of smart contracts, Chen has core authority in the project. The documents point out that although he has not been with the company for a long time, he has been given the role of super administrator of the fund management contract, which gives him absolute control over the contract. Industry insiders analyzed that Infini's negligence in the allocation of authority may be the fuse of this incident.

In addition, the plaintiff mentioned in the affidavit that he recently learned that Chen Shanxuan had a serious gambling habit and may have huge debts as a result. Several screenshots of message records were attached to the document, in which Chen confessed in a conversation with others that he had messed up everything and revealed his despair about life, saying that sometimes he really wanted to end it all and that life was too tiring.

Based on this, the plaintiff speculated that gambling debts may be the main motive for Chen to steal assets. According to Colin Wu, Chen was previously a model of knowledge sharing for technical staff of the exchange. Although he made millions a year, he continued to borrow money from various people, opened 100x contracts, and took more and more online loans, eventually going down a road of no return. However, no further details about Chen's specific personal background, such as education and work experience, have been provided in the lawsuit, and his true motives are still subject to further investigation by the court.

Hong Kong court to preside over hearing on March 27

The subsequent development of this case may involve multiple levels. The plaintiff's primary goal is to freeze the stolen assets and recover the losses. The Hong Kong court has accepted the case and plans to have a hearing presided over by Judge Lok at 9:30 am on March 27, 2025, when the injunction will be reviewed. If Chen or other defendants do not appear in court, the court may make a ruling in absentia.

The transparency of blockchain facilitates asset tracking, but if hackers launder funds through mixing services (such as Tornado Cash), the difficulty of recovery will increase significantly. Previously, Infini had warned hackers on the chain and said that some funds (about $43 million) had been frozen. However, if the remaining funds are transferred to an unregulated address, the hope of recovery will become slim.

In addition, Chen's own situation has also attracted much attention. He may face criminal charges under the legal systems of Hong Kong and Singapore. If his gambling debt problem is true, the police may further investigate the source of his funds and whether he is involved in other criminal activities. Some analysts pointed out that if Chen has been detained, the case may accelerate to the trial stage.

Multi-signature wallet permission settings leave hidden dangers

The theft of Infini is not an isolated case. In early 2025, the cryptocurrency industry suffered a series of security incidents, such as the $1.4 billion hack of the Bybit exchange on February 21, highlighting the security risks that still exist in the industry during its rapid development. Since its launch in 2024, Infini has attracted a large number of users due to its innovative stablecoin payment services and high-yield products. However, this incident exposed the weaknesses of its internal management and technical audits.

Blockchain security experts analyzed that if the allegations in the lawsuit are true, Chen Shanxuan's behavior is a typical internal attack. Infini's failure to implement adequate decentralized safeguards before the smart contract went online, such as multi-signature wallets, time lock mechanisms or third-party audits, is an important reason for the incident. An industry insider commented: "Infini's management is to blame for handing such important authority to a new remote employee without strict supervision."

The case of Infini v. Chen once again sounded the alarm for security in the industry. At a time when blockchain technology is increasingly integrated into the financial system, how to set up permission management, audit and cross-validation, prevent contract crazy players from mastering important permissions, and allocate energy to zero-trust architecture are all important issues that founders have to face.

As the lawsuit progresses, more details of the case may surface, and the full truth behind Chen's theft may be revealed.

Blockchain
Recommended Reading
From the desert to the racetrack: How can exchanges make their presence felt in TOKEN2049?
From the desert to the racetrack: How can exchanges make their presence felt in TOKEN2049?
29 Apr 2025
 The Sandbox: Single-wallet Web3 gaming is still a player’s vision
The Sandbox: Single-wallet Web3 gaming is still a player’s vision
29 Apr 2025
 Bitcoin (BTC) Could Reach $210,000 by 2025, Says Presto Research Head
Bitcoin (BTC) Could Reach $210,000 by 2025, Says Presto Research Head
29 Apr 2025
 Arizona Legislature Passes Bitcoin Reserve Bill, Sends It to Governor
Arizona Legislature Passes Bitcoin Reserve Bill, Sends It to Governor
29 Apr 2025
 Ethereum Fusaka hard fork scheduled for late 2025
Ethereum Fusaka hard fork scheduled for late 2025
29 Apr 2025
 Mastercard plans to integrate stablecoins into global payments network
Mastercard plans to integrate stablecoins into global payments network
29 Apr 2025
 Coinbase says Lightning Network facilitates 15% of its Bitcoin transactions
Coinbase says Lightning Network facilitates 15% of its Bitcoin transactions
29 Apr 2025
 Four Key Factors Supporting AI Agent’s Flywheel Growth
Four Key Factors Supporting AI Agent’s Flywheel Growth
29 Apr 2025
Popular Searches
ai Cryptocurrency Ethereum btc gold 比特币 Dollar Binance Securities Trading Crypto Trading
Related News
Brazilian banking giant Itaú invests $210 million to establish Oranje to accumulate strategic Bitcoin reserves
Brazilian banking giant Itaú invests $210 million to establish Oranje to accumulate strategic Bitcoin reserves
Cambridge University report: The proportion of sustainable energy used in Bitcoin mining has increased to 52.4%
Cambridge University report: The proportion of sustainable energy used in Bitcoin mining has increased to 52.4%
From the desert to the racetrack: How can exchanges make their presence felt in TOKEN2049?
From the desert to the racetrack: How can exchanges make their presence felt in TOKEN2049?
The Sandbox: Single-wallet Web3 gaming is still a player’s vision
The Sandbox: Single-wallet Web3 gaming is still a player’s vision