qerranews 
A wallet linked to the $50 million Infini exploit has resurfaced after months of inactivity, purchasing over $13 million worth of Ether during a sharp market downturn and reigniting concerns over the movement of stolen crypto funds.
Infini Exploiter Wallet Reactivates After Months
Blockchain data shows that a wallet associated with the Infini exploit became active again nearly a year after the breach, snapping up Ether as prices dipped amid heightened market volatility. According to onchain analytics platform Arkham, the wallet purchased approximately $13.3 million worth of Ether (ETH) when prices fell to around $2,109.
Shortly after the purchase, the funds were routed through Tornado Cash, a crypto mixing protocol frequently used to obscure transaction trails. The move immediately drew attention from blockchain investigators and market watchers.
Blockchain tracking firm Lookonchain highlighted the timing of the trade, stating on X that the exploiter appears “very good at buying low and selling high,” referencing the wallet’s history of well-timed market entries and exits.
Previous High-Point ETH Sale Raises Eyebrows
This marks the wallet’s first known activity since August 2025, when the same address sold roughly $7.4 million worth of Ether at prices near $4,202, close to ETH’s yearly high at the time.
The pattern suggests that the entity behind the wallet is actively trading rather than attempting to exit entirely into stablecoins. Instead, the exploiter appears to be leveraging stolen funds to capitalize on major market swings, a tactic that has become increasingly common in high-profile crypto exploits.
Market Selloff Sets the Stage
The renewed activity comes amid one of the largest crypto market liquidations on record. According to Coinglass, last week saw approximately $2.56 billion in leveraged positions liquidated, making it the 10th-largest liquidation event in crypto history.
Ether was hit particularly hard, briefly falling to $1,811 on Thursday — its lowest price in nine months and levels last seen in early May 2025, according to TradingView data.
This sharp decline created a prime buying opportunity for deep-pocketed traders — including those operating with illicit funds.
Revisiting the $50M Infini Exploit
The Infini exploit occurred in early 2025, when the stablecoin-focused payments platform lost $50 million in a breach suspected to involve a rogue developer. Investigations suggested that the developer retained administrative privileges even after the project’s delivery, enabling unauthorized fund access.
Following the attack, the stolen USDC was swiftly swapped for DAI, a stablecoin that lacks a freeze mechanism, making fund recovery significantly more difficult. The latest onchain movements indicate that the attacker still controls the stolen assets and continues to deploy them in active crypto trading strategies.
The recent ETH purchase reinforces the view that the exploiter is not lying low, but instead remains deeply engaged in the market.
Legal Action and Onchain Injunctions
In response to the exploit, Infini launched a Hong Kong lawsuit against a developer and several unidentified individuals believed to be involved in the breach. In March, Infini sent an onchain message to the attacker’s wallet, naming developer Chen Shanxuan along with three unknown parties as defendants.
The Hong Kong court also issued an injunction order, delivered via blockchain message, along with a writ of summons. In a bid to recover funds, Infini previously offered the attacker a 20% bounty in exchange for returning the stolen assets.
The protocol has claimed to possess IP address data and device-related information linked to the exploiters, though the attacker remains at large.
What This Means for Crypto Security
The resurfacing of the Infini hack-linked wallet underscores ongoing challenges in crypto security, particularly around insider threats, smart contract permissions, and post-exploit fund tracking. While blockchain transparency allows investigators to monitor wallet movements, privacy tools like mixers continue to complicate enforcement and recovery efforts.
For the broader market, the incident highlights how stolen funds can still influence price action, liquidity, and market sentiment — especially during periods of extreme volatility.