A wallet linked to the 50 million dollar Infini exploit has become active again after nearly a year of operational silence. According to Arkham data, the attacker took advantage of the recent market downturn to execute an Ether investment valued at 13.3 million dollars, subsequently sending the assets to the Tornado Cash mixing protocol this Monday.
This financial movement, which occurred amidst a widespread correction in the crypto sector, marks the wallet’s first activity since August 2025. By purchasing the asset at a price of 2,109 dollars, the exploiter demonstrates a notable ability to trade at market lows, consolidating an accumulation strategy that has caught the attention of the most influential cryptocurrency analysts today.
Exploiting volatility and financial concealment tactics
On the other hand, the reactivation of the wallet coincides with one of the largest liquidation events recorded in the recent history of the market. Following the elimination of 2.56 billion dollars in leveraged positions, the attacker decided to move his funds, using mixers to hinder tracking by international authorities. In this way, the person responsible for the theft continues to manage the stolen capital to maximize his personal profits.
Likewise, the trajectory of this wallet reveals that the user previously sold 7.4 million dollars in Ether near the annual highs of 4,202 dollars. Nevertheless, by making this new Ether investment during the drop towards 1,811 dollars, it is evident that the attacker has no intention of leaving the market, but rather seeks to increase his wealth through trading actively with the proceeds of the original attack.
In addition to the financial aspect, this case serves as a reminder of the vulnerability of platforms to rogue developers with administrative privileges. The affected firm, Infini, originally lost 50 million in USDC which were quickly swapped for the DAI stablecoin to prevent any freezing of funds. Therefore, the attacker has managed to maintain control of the assets using decentralized and censorship-resistant blockchain technology.
What is the current state of legal actions against the exploiter?
On the other hand, Infini has initiated a lawsuit in Hong Kong against developer Chen Shanxuan, identified as the main suspect in the attack. Because the court issued an injunction through on-chain messages, justice seeks to pressure the person responsible for the return of the capital. However, despite offering a twenty percent bounty, the attacker has ignored the legal proposals to this date.
However, the attacker’s resilience raises serious questions about the effectiveness of court orders in decentralized and anonymous environments. While the legal system tries to identify accomplices, the criminal wallet continues to operate freely, which could incentivize new social engineering attacks within the sector. For this reason, the recovery of stolen funds remains an extremely complex technical and legal challenge.
It is also relevant to highlight that Infini claims to possess information about the IP addresses and devices used during the security breach. Despite this evidence, the exploiter remains at large, using his Ether investment as a tool to generate additional gains instead of seeking a settlement. This demonstrates that the sophistication of digital criminals often surpasses the immediate response mechanisms of companies.
Finally, the market watches these movements with caution, as a massive sale of these assets could generate additional downward pressure in the future. Blockchain intelligence agencies are expected to intensify their monitoring of Tornado Cash exit nodes, seeking to identify any trace that allows the capture of those responsible. In this way, the crypto ecosystem tries to purge illicit activities that tarnish the trust of institutional investors nowadays.
