Infini $50 Million Theft Lawsuit Update: Primary Defendant a Compulsive Gambler, Potentially Buried in Massive Debt

Original Article Title: "Infini Hack: Engineer 100x Leveraged Contract, Defaults on Loan Shark Debt with Suspected Major Insider"

Original Article Author: Brother Cat, Wu Blockchain

Background

On February 24, the Web3 credit card and yield farming project Infini was hacked, with $49.5 million worth of funds flowing out of the Morpho MEVCapital Usual USDC Vault.

At the time, Infini founder Christian stated: "Out of the stolen $50 million, 70% belongs to close friends around me, all of whom I have personally contacted and will bear the potential losses myself. The remaining funds will be reinvested in the Infini vault by next Monday, everything will remain the same." Christian also expressed willingness to pay the hacker 20% of the stolen amount as ransom and promised not to take legal action if the funds were returned.

On February 24 at 8:00 PM, the Infini Team sent an on-chain message to Infini Exploiter 2: 0xfc…6e49:

We hereby inform you that we have obtained critical IP and device information about your attack on Infini. This was made possible thanks to the support of top exchanges, security agencies, partners, and our community. We are closely monitoring the relevant addresses and are prepared to freeze the stolen funds at any time. To peacefully resolve this matter, we are willing to offer 20% of the stolen assets as a reward if you choose to return the funds. Once the returned funds are received, we will cease further tracking or analysis, and you will not be held responsible. We urge you to take action in the next 48 hours to reach a solution as soon as possible. If we do not receive your response within the deadline, we will have no choice but to continue cooperating with local law enforcement to investigate this incident further. We sincerely hope to reach a solution that is most beneficial to all parties.

On February 26, the Infini Team once again sent an on-chain message to them:

More than 48 hours have passed since the attack occurred. We hereby provide you with one last opportunity to return the stolen funds. If you choose to return the funds, we will immediately stop all tracking and analysis, and you will face no consequences. Please send 14,156 ETH (80% of the stolen funds) to our Cobo custody wallet:

Wallet Address: 0x7e857de437a4dda3a98cf3fd37d6b36c139594e8

On February 27, Christian stated that the legal proceedings regarding the Infini hack incident have been formally filed in Hong Kong.

On the funding side, the hacker address 0x3a...5Ed0 exchanged 49.52 million USDC to an equivalent amount of DAI via Sky (MakerDAO) on the 24th, and then further exchanged the DAI for approximately 17,700 ETH through Uniswap in multiple transactions, sending them to a new address 0xfcC8Ad911976d752890f2140D9F4edd2c64a6e49. Subsequently, there have been no further transfers of these funds (presumably, the defendant was immediately taken under the control of law enforcement). However, due to the recent significant drop in ETH price, these ETH are currently only worth 35.15 million USD.

https://intel.arkm.com/explorer/address/0xfcC8Ad911976d752890f2140D9F4edd2c64a6e49

Litigation Details

At 6:00 PM on March 20, the Infini Team sent an on-chain message to Infini Exploiter 2: 0xfc…6e49, issuing a warning to the relevant address, indicating that the previously lost 50 million USD due to the Infini attack is in an ongoing legal dispute and is contentious. Any subsequent holder of crypto assets that were previously in the mentioned wallet (if any) cannot claim to be a "bona fide purchaser."

Additionally, the message also included a link to the court litigation documents, with the specific details as follows:

The plaintiff is Chou Christian-Long, CEO of BP SG Investment Holding Limited, a Hong Kong-registered company wholly owned by Infini Labs. The first defendant is Chen Shanxuan, remotely based in Foshan, Guangdong, and the second to fourth defendants are yet to have their real identities confirmed.

The plaintiff and BP Singapore jointly developed a smart contract for managing company and client funds, with the first defendant leading the coding. The contract originally had a multi-signature permission to strictly control any fund outflows.

Upon the contract's deployment to the mainnet, the first defendant allegedly retained the "super admin" ultimate authority but falsely informed other team members that the authority had been "transferred" or "removed."

In late February 2025, the plaintiff discovered that approximately 49,516,662.977 USDC worth of cryptocurrency assets were transferred out to several unknown wallet addresses (wallets controlled by the second to fourth defendants) without proper multi-signature authorization.

Concerned that the defendants or unknown parties might further transfer or launder the assets, the plaintiff applied to the court for:

1. A "Freezing Order" against the first defendant and relevant unknown individuals to restrain them from transferring or dealing with the stolen assets;

2. An order for the defendant or individuals controlling the relevant wallets to disclose their identities;

3. Various mandatory injunctions against the first defendant and other unknown wallet holders to prevent the disposal of assets;

4. Request for disclosure of transaction and asset information;

5. Permission for overseas service of process (i.e., serving legal documents to overseas defendants) and alternative means of service.

In one of the affidavits, the plaintiff stated: "I recently learned that the first defendant has a serious gambling habit, possibly racking up significant debts as a result. I believe this prompted him to steal the subject assets to alleviate his debt burden." The plaintiff also submitted screenshots of relevant message records to demonstrate that the first defendant was "potentially mired in substantial debts" (the plaintiff referred to the defendant subsequently going berserk and daily 100x leveraged futures trading).

According to the affidavit, the first defendant also borrowed funds from various sources within a relatively short period, even appearing to have contact with an "underground bank" or so-called "loan shark," leading to pressures of high interest rates and debt collection calls. Exhibit "CCL-17" mentions him seeking help from others in chats, mentioning carrying interest "from several places" and repeatedly inquiring about borrowing more money to tide over difficulties or asking for introductions to new funding sources.

Shortly before the incident, the first defendant had mentioned in work groups or private conversations with colleagues/friends that his financial situation was "extremely tight," even expressing anxiety like "if I can't get more money, things will get messy." These statements almost coincided with the time when the company's cryptocurrency assets were transferred without authorization, thereby reinforcing the plaintiff's judgment on the first defendant's "motive": possibly taking desperate actions due to immense debt pressure.

As per the plaintiff's account, when questioned about personal finances or gambling issues, the first defendant repeatedly evaded or gave vague answers, remaining elusive about the exact amount of his debts or whether he was still gambling. The affidavit posits that the first defendant pretended "nothing major was wrong" from late October until just before the incident, but the contents of his conversations with others on messaging apps were starkly contradictory to this.

The plaintiff is concerned that if the first defendant is eager to repay gambling debts or continue to recover losses, they may rapidly transfer the stolen digital assets to other wallets or even cash out off-chain, making it more challenging to trace. Therefore, an urgent application was made to the court for a worldwide asset freezing order, requiring the first defendant and other unknown wallet holders to disclose and surrender the involved crypto assets.

Kronos Research partner Bane stated that the team still has many outrageous, life-related materials that have not been presented in the court filings, but are more or less unrelated to the case directly; we are still more focused on recovering the funds themselves. When all evidence points to someone who was once trusted by everyone in the team, everyone is surprised. But motive is motive, everything is based on facts, and we believe the law will bring about a just outcome. Until the final judgment is made, he remains a suspect.

Bane mentioned that the team always thought that admin rights had been transferred to a multisig, but he used openzeppelin's permission library, which has always been many-to-many. So the initial dev wallet's rights were never relinquished. Typically, everyone uses an EOA during deployment and then transfers rights to a multisig. After deploying, the dev wallet controlled by him, based on the initial openzeppelin permission library setup, defaultly holds the super admin[0] permission. He later transferred this super admin permission to the multisig and falsely claimed in the chat records that he had already abandoned the EOA rights, but in reality, no revoke transactions were ever sent. Later, he said he thought permission management was one-to-one, not many-to-many, meaning he falsely claimed that as long as permissions were granted to the multisig, the dev wallet's permissions would automatically be relinquished. Based on trust, no one double-checked the contract status, leading to the tragedy.

The defendant had previously stated after the incident: my problem, forgot to revoke permissions, a very, very basic mistake.

The case is still pending judgment, with a substantial amount of the first defendant's chat records attached to the filed lawsuit. Interested readers can download the original file:

Link: Original File

Extraction Password: D1234@5##

Original Article Link