Authors: Iris, Shao Jiayi

Among Web3 applications, "PayFi" has become one of the most popular emerging directions in finance over the past two years.

The term fuses "Payment" and "DeFi". It aims to connect the card payment experience of traditional finance with on-chain stablecoin income accounts, building a way of using crypto assets that combines liquidity and profitability. Driven by the narrative of "being usable", PayFi projects are trying to reshape the flow path and retention logic of assets in a way that is closer to traditional financial users.

From EarlyBird and Swipe to Infini, which has recently attracted the attention of attorney Mankiw, these projects generally adopt a three-part structure of "stablecoin account + consumption card + on-chain income", supplemented by growth mechanisms such as referral rebates, in an attempt to give users a financial interaction solution that "does not require understanding of DeFi to use crypto assets."

This type of architecture is both technologically innovative and controversial in terms of its implementation path, because the closer it is to the essence of traditional financial business, the more complex the regulatory challenges it faces.

So, taking Infini as an example, how are its product structure and business logic constructed? What compliance elements has it attempted, and in what areas may there be potential risk exposure?

*This article is based on public information and conducts compliance analysis on relevant business models and policy environments. The content is for research and communication only and does not constitute any investment advice or commercial promotion.

Infini Core Product Overview

Infini is a Web3 payment and financial platform for the global market. Its core positioning is to open up the "save, earn, and spend" path for users' crypto assets. By integrating stablecoin custody, access to income strategies and physical consumption channels, it gives users a way to use assets that earn on-chain income without leaving the mainstream payment system.

From the perspective of operating structure, Infini itself does not own on-chain income protocols or hold card issuance and clearing qualifications. Instead, as a connecting intermediary, it cooperates with third-party custody providers, DeFi protocols and payment networks to build a light-operation platform architecture of "account + income + card payment". This model of connecting on-chain and off-chain capabilities through cooperation also represents a common, lightweight compliance path in the current PayFi track.

Based on this architecture, Infini has designed three core functional modules in the front-end service layer, corresponding to asset custody and income generation, consumer payment execution, and the user growth mechanism. The three modules are interlocked, forming the key fulcrum for the platform to achieve a closed loop of product value.

1. Infini Earn

Users can deposit USDT or USDC into the platform's custody account by binding their wallets, and the system uses the funds to participate in the income strategies arranged by the platform. Interest is calculated daily and income is distributed daily. Users can withdraw the principal and realized income at any time.

The platform has not disclosed detailed strategy parameters, but its documentation mentions that the partner protocols include Ethena, Morpho and Usual, and the income strategy is advertised as a "delta-neutral structure", that is, achieving low-volatility returns through combinations of hedged positions. The platform itself does not guarantee the results of the strategy and acts only as an integrator of income channels.

2. Infini Card

Infini provides virtual cards (suitable for binding to mainstream channels such as Apple Pay, Google Pay, Alipay (overseas Alipay) and WeChat Pay) and physical card products that are planned to be launched. The cards come in three types, Meow, Rabbit and Woof, corresponding to different cost and usage-frequency scenarios.

All cards are bound to the user's balance on the platform. When a payment is made, the system automatically completes the exchange between stablecoins and the target settlement currency, with no manual operation by the user. The actual settlement is completed through partners, and the official documents do not clearly disclose the issuing bank or the licensed payment clearing institution.

3. Referral and red envelope functions

Infini has an invitation rebate mechanism and a red envelope distribution function. Users can invite others to register and top up by sharing an invitation code, and receive USDT or card cashback rewards. The specific amount and conditions depend on the card type and top-up amount.

Infini Business Model Analysis

As a typical asset-light "two-sided matching" business model, Infini does not simply provide a spending portal for crypto assets, but is positioned as an intermediate platform connecting on-chain DeFi protocols and ordinary users. On the one hand, it gives C-end users a "payment + income" stablecoin experience through card products, income accounts and other functions; on the other hand, as a channel that brings in funds and traffic, it gives B-end partners such as DeFi protocols and income strategy providers access to users and funds.

The core business value of the platform lies not only in abstracting and packaging the on-chain and off-chain processes of "income generation" and "payment use", but also in monetizing this intermediate position in two directions: charging channel service fees to the C-end, and, on the B-end, sharing in revenue or obtaining promotion incentives by directing traffic to strategies, bringing in deposited funds and so on.

1. Source of income

Infini's current main sources of income come from two directions:

  • Usage service fees paid by C-end users

These include card activation fees, such as US$9.9 for Meow and Rabbit cards respectively; card transaction fees, such as a 0.8% service fee and an additional US$0.5 for each non-US dollar transaction for Rabbit cards; and exchange rate conversion fees, with the exchange fee for non-US dollar consumption being 1% to 1.5%. The platform automatically handles the conversion between on-chain assets and settlement currencies.

This part of the fee provides the platform with the stable cash flow needed for operation.

  • Strategy collaboration incentives from B-end partner protocols

The platform has not clearly disclosed its commercial profit-sharing arrangements with protocols such as Ethena, Morpho, and Usual. However, considering that the platform can bring retained user assets, stable capital flow and liquidity injection, Infini may have the opportunity to obtain rewards from the protocol side, such as strategy access incentives and TVL growth subsidies.

In addition, it cannot be ruled out that the platform may later obtain intermediary promotion fees by guiding users to open positions or stake on specific DeFi platforms.

Overall, Infini has built a relatively lightweight platform-based business model with the potential for scalability through standardization of C-end services and cooperation of B-end resources, without building underlying protocols or holding card issuance and clearing qualifications.

2. Structural Dependency

Infini's business structure is highly dependent on the compliance and technical capabilities of external service providers, including:

  • Custody service. The platform adopts an account management solution provided by Cobo, a licensed third-party custodian. User assets are not directly held by Infini, and the platform itself does not constitute an asset custodian.

  • Infini does not operate any on-chain income protocols. Its income strategies are provided by external protocols, and the platform only serves as a front-end interface for integration and routing. If a major incident occurs in an underlying protocol, Infini itself may lack a risk buffer mechanism.

  • Payment and settlement channels. Although Infini provides binding to a variety of traditional payment channels, the relevant clearing services are still completed by the cooperating third-party payment institutions, and the platform does not bear the obligation of direct settlement. At present, the platform has not publicly disclosed the name of its issuing bank or specific licensed clearing service provider information. It only states that the card products are based on the Visa or Mastercard network, and there may be uncertainty in the relevant clearing capabilities and service geographical scope.

This "highly connected, low-licensing" light operation architecture helps to quickly deploy and control costs, but it also increases the degree of dependence on key cooperation nodes. Once a core link (such as custody, payment, and protocol end) encounters legal, compliance, or operational interruption risks, the platform itself will face greater service continuity and user trust risks.

3. User benefit mechanism

In the Infini Earn module, users can participate in the platform-integrated on-chain income strategies by depositing USDT or USDC into the platform's custody account. The platform calculates interest daily and distributes income daily, creating a low-threshold, hands-off stablecoin income experience.

According to official documents, its income strategy is mainly a "delta-neutral" structure, that is, building a market-neutral position across different protocols through a combination of on-chain long and short positions to achieve an annualized return with lower volatility. However, this structure is highly dependent on the security, liquidity and strategy execution efficiency of the connected DeFi protocols (such as Ethena, Morpho, Usual, etc.). If an underlying protocol suffers a liquidation failure, a governance attack or another operational risk event, the resulting losses may be passed directly to the user's custodial assets.

In terms of contractual liability arrangements, Infini has not made any explicit or implicit guarantees for user earnings or principal security. Its platform positioning is closer to a "strategy aggregation and channel service provider", responsible for strategy access and income settlement for user funds. Although user assets are protected by custody, responsibility for investment decisions and returns rests with the user.

This structural design realizes the functional separation of platform revenue rights and responsibilities, allowing Infini to maintain a low pressure on overall financial risk. But it also means that more compliance obligations, investment information disclosure responsibilities and protocol security judgments are substantially transferred to end users and strategic partners.

Infini Compliance and Risk

As a typical PayFi light-operation platform, Infini demonstrates its consideration of adapting to the existing financial regulatory framework in product function design, especially in terms of KYC system, asset custody isolation and off-chain payment channels, reflecting a certain compliance awareness.

  • Implement real-name KYC system

Infini has strict geographical restrictions on service access. Users need to complete identity verification when registering, and for certain regions, including mainland China, the system will directly block registration during the mobile phone number verification stage. The official documentation also clearly lists unsupported jurisdictions, including countries subject to international sanctions, such as North Korea, Iran, and Cuba, as well as regulatory sensitive areas, such as the United States and mainland China. This "technical restriction + legal statement" approach demonstrates the platform's compliance awareness in KYC, geographic risk isolation, and cross-border regulatory adaptation, while providing identity data support for subsequent card clearing and custody cooperation.

  • Separation of asset custody and business functions

Infini itself does not directly hold user funds, but manages user asset accounts through Cobo, a licensed third-party custodian service provider. The platform is only responsible for strategy access and card service front-end, and implements the structural design of "assets are held by compliant institutions, and the platform does not directly constitute a fund pool", which helps to reduce the platform's regulatory sensitivity in risk points such as fund collection and illegal fundraising. However, Cobo's custody qualifications are limited to specific jurisdictions (such as Singapore). If the user comes from an uncovered region (such as the European Union), the legal validity of the asset custody is questionable.

  • Card payment path connected to traditional network

Infini card products are based on the Visa or Mastercard network and can be connected to mainstream consumption channels such as Apple Pay, Google Pay, Alipay, and WeChat. Although the specific card issuer has not been disclosed, compared with platforms that rely entirely on on-chain payment or gray clearing channels, Infini completes the payment process through the traditional financial network, and has stronger user acceptance and payment behavior legitimacy expectations in practical operation.

However, considering the cross-border nature of its service area and the types of assets involved, Mankiw believes that there may be legal uncertainty in the following key areas, which the platform needs to address and which deserve the attention of PayFi entrepreneurs and compliance teams.

  • Insufficient information disclosure in the payment and settlement process

Although Infini has made it clear that its card products are connected to the Visa/Mastercard network, it has not yet disclosed the names and legal structures of its issuing banks or cooperative clearing service providers. If the service scope is extended to users in other jurisdictions, without clear cross-border clearing licenses, it may lead to risks such as insufficient payment service qualifications and unclear compliance of cross-border data transmission, especially in the Asian market where supervision is becoming stricter.

  • Limited transparency in revenue strategies, outsourcing risks to users

Although the platform claims to adopt a "delta-neutral" strategy and lists its partners as DeFi protocols such as Ethena, Morpho, and Usual, it does not disclose the specific ratio of income allocation, details of capital investment, or stop-loss mechanism. Because the platform provides no guarantee, users essentially bear the strategy execution risk and protocol contract risk themselves, and may misjudge their actual risk exposure when attracted by high annualized returns, which raises potential "income-induced disclosure obligations."

  • The invitation rebate mechanism may touch the regulatory red line in certain jurisdictions

Infini has a rebate and red envelope system based on registration and top-ups. Although the reward logic is relatively flat and does not constitute an obvious hierarchical rebate structure, in some jurisdictions, if rebates are linked to top-ups and form a path that steers funds, the mechanism may still be identified as "profit-induced sales" or a "pyramid scheme-like structure". This is sensitive conduct in financial promotion and needs to be carefully assessed and restricted according to the laws of each country.

  • Authority management and risk response mechanisms still need to be improved

In March 2025, Infini suffered a major asset security incident, in which hackers transferred approximately $50 million USDC from the platform's custody account using administrator privileges that had not been removed. Although the platform subsequently issued an on-chain notice and filed a civil lawsuit in Hong Kong, the incident exposed the platform's technical weaknesses in permission configuration, system isolation, and abnormal transaction monitoring.

This type of "uncontrolled attack" shows that even though the platform uses a third-party custody solution, access to and management rights over the custody account still depend heavily on the platform's own internal security structure and development process. If the platform does not set up multi-signature permissions and an automatic risk-control freezing mechanism, a single point of lost control may create systemic risk for user assets. In addition, the platform currently has no emergency compensation mechanism or insurance pool, which also shows that its risk control and user protection system is still incomplete and may lead regulators to redefine the actual responsibility within the custody system in the future.
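A minimal sketch of the two controls named above, a multi-signature quorum and an automatic freeze on abnormal outflow, as an added example (not code from Infini, Cobo or the original article). The `CustodyGuard` class, the approver names, the quorum and the limits are all hypothetical, and the withdrawal requests are constructed sample data.

```python
from dataclasses import dataclass, field


@dataclass
class CustodyGuard:
    """Policy gate in front of custody-account withdrawals (hypothetical design)."""
    approvers: set              # identities currently allowed to approve
    quorum: int                 # distinct valid approvals required per withdrawal
    window_limit: float         # max total outflow (USDC) per rolling window
    window_seconds: int = 3600
    frozen: bool = False
    _outflows: list = field(default_factory=list)   # (timestamp, amount) pairs
    audit_log: list = field(default_factory=list)   # every decision is recorded

    def revoke(self, approver: str) -> None:
        """Offboarding step: remove a privilege as soon as it is no longer needed."""
        self.approvers.discard(approver)
        self.audit_log.append(("revoke", approver))

    def _recent_outflow(self, now: float) -> float:
        # Keep only withdrawals inside the rolling window, then total them.
        self._outflows = [(t, a) for t, a in self._outflows
                          if now - t < self.window_seconds]
        return sum(a for _, a in self._outflows)

    def withdraw(self, amount: float, approvals: list, now: float) -> str:
        valid = set(approvals) & self.approvers   # revoked or unknown keys do not count
        if self.frozen:
            decision = "frozen"
        elif amount <= 0 or len(valid) < self.quorum:
            decision = "rejected"
        elif self._recent_outflow(now) + amount > self.window_limit:
            self.frozen = True                    # automatic freeze; nothing is paid out
            decision = "frozen"
        else:
            self._outflows.append((now, amount))
            decision = "approved"
        self.audit_log.append(("withdraw", amount, sorted(approvals), decision))
        return decision

    def unfreeze(self, approvals: list) -> bool:
        """Lifting a freeze needs the same quorum as moving funds."""
        if len(set(approvals) & self.approvers) >= self.quorum:
            self.frozen = False
        self.audit_log.append(("unfreeze", sorted(approvals), not self.frozen))
        return not self.frozen


def demo() -> list:
    # Constructed scenario: "dev-old" is a leftover administrator key.
    guard = CustodyGuard({"ops-1", "ops-2", "risk-1", "dev-old"},
                         quorum=2, window_limit=1_000_000)
    guard.revoke("dev-old")
    return [
        guard.withdraw(50_000_000, ["dev-old"], now=0),        # revoked key alone
        guard.withdraw(400_000, ["ops-1", "dev-old"], now=10), # one valid approval
        guard.withdraw(400_000, ["ops-1", "ops-2"], now=20),
        guard.withdraw(400_000, ["ops-1", "risk-1"], now=30),
        guard.withdraw(400_000, ["ops-1", "risk-1"], now=40),  # would exceed window limit
        guard.withdraw(1_000, ["ops-1", "ops-2"], now=50),     # account stays frozen
    ]


if __name__ == "__main__":
    print(demo())
```
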

Inspiration and Suggestions

The Infini case demonstrates the huge market potential of the PayFi model under the narrative of "being usable", but also exposes the multiple challenges that such light-operation platforms face in terms of regulatory boundaries, technical security and division of responsibilities.

For entrepreneurs who are exploring the “account + income + payment” path in the Web3 field, Mankiw recommends that they focus on the following five directions when designing business structures and implementation plans:

Platform structure does not mean liability exemption: light platform ≠ light obligations

Even if the platform does not directly hold assets, build its own DeFi protocol, or clear capital flows, it still bears responsibility for information disclosure and risk control at key compliance nodes. Infini's security incident shows that even with third-party custody, if permissions are not configured properly, the platform still bears the obligations of the "substantial controller".

Therefore, when entrepreneurs adopt the "integrated platform" model, they should clearly disclose in documents, user agreements and product designs that the platform does not provide a backstop or guarantee, while also establishing a least-privilege permission system, an operation audit trail and an emergency response mechanism.

Multilateral compliance interfaces need to be considered in an integrated manner: don't just look at the license

The PayFi model involves multiple compliance modules, including stablecoin management, income generation, consumer settlement, KYC identification, data transmission, cross-border services, etc. With regulation increasingly overlapping across these areas, holding a license for a single link (such as custody or clearing) is no longer enough to meet regulatory expectations in multiple jurisdictions.

Practitioners should take "compliance design" as the starting point of architectural design and conduct a multi-dimensional regulatory review before selecting a service area (such as Hong Kong, Singapore, the UAE, etc.) to avoid the mismatch of responsibilities caused by "business in one place, risks in multiple places".

Rebate and marketing mechanisms must be evaluated in advance for cross-border compliance

The referral rebate mechanism has become a high-frequency tool in the growth of Web3 projects, but when the rebate conditions are directly linked to top-ups, card activation and similar steps, some jurisdictions may regard it as "quasi-fund-raising behavior" or "profit-induced sales", constituting unauthorized financial promotion and even touching the legal boundaries of multi-level sales.

When designing such mechanisms, platforms should adapt them locally to the compliance requirements of the target market. It is recommended to control the incentive ratio and trigger conditions in the system, and to avoid cashback or direct return of stablecoins where possible. If necessary, rewards can be converted into incentives such as points, discounts, and non-cash benefits, with prominent risk warnings and compliance pre-check steps (such as KYC completion, regional screening, etc.) added to the user interface to reduce potential legal issues.

The responsibility boundaries of processes spanning on-chain and off-chain need to be clarified in advance

PayFi projects often span on-chain DeFi and off-chain card payments, involving logical linkage and responsibility transmission between multiple systems and protocols. Once a link fails, such as contract liquidation or card channel freezing, unclear responsibility will lead to legal disputes and user trust risks.

Therefore, practitioners should build in anomaly detection and strategy switching mechanisms when designing contract/API call flows, such as automatically suspending operations or switching to a backup strategy when assets fluctuate abnormally. At the same time, the responsibility boundaries of on-chain and off-chain operations should be clearly divided in the user agreement.

The license may not be the end, but the starting point

As Hong Kong, Dubai, Singapore and other places have successively introduced VASP systems and innovative financial frameworks, some entrepreneurs mistakenly regard "applying for a license" as the end of compliance. But in fact, the license is only the first step to enter the regulatory field of vision, and the subsequent obligations such as business change declaration, daily compliance operations, anti-money laundering review, and user information retention are the real challenges.

If the platform plans to operate in a highly compliant market, it should establish a "compliance operation sandbox" before obtaining a license to simulate common regulatory inquiry scenarios (such as user identity tracing, asset source auditing, black market infiltration investigation, etc.) and build risk response capabilities in advance.