Thief Steals $4.5 Million from Credix Employing Unsecured Digital Currencies

Thief Steals $4.5 Million from Credix Employing Unsecured Digital Currencies

In a shocking turn of events, the decentralized finance (DeFi) protocol CrediX suffered a significant setback on August 4, 2025. An attacker managed to swipe approximately $4.5 million worth of cryptocurrency, according to reports by blockchain security firm CertiK and data provider DeFiLlama.

The attack was carried out through a compromised multisig admin wallet, enabling the attacker to mint unbacked acUSDC (Sonic USDC) tokens, borrow assets against these fake tokens, and drain the protocol's liquidity pool. The security breach led to CrediX's website being taken offline.

Key details of the attack mechanism reveal that the attacker gained control over an admin wallet with multiple high-level roles such as POOL_ADMIN, BRIDGE, and EMERGENCY_ADMIN. Using the compromised BRIDGE role, the attacker minted unlimited fake tokens, which were used as collateral to borrow real assets from the liquidity pool. The stolen funds were then bridged from the Sonic Network to Ethereum, making tracing more difficult.

Suspicions of an exit scam or rug pull arose when CrediX's team promised reimbursement but soon vanished, deleted official social media accounts, took the website offline, and ceased all communication. The stolen funds were routed through privacy mixers such as Tornado, further obscuring their trail.

Key partners affected and industry stakeholders, like Sonic Labs and Stability DAO, are reported to be pursuing legal actions and cooperating with authorities in an attempt to trace and recover the stolen assets. As of August 10, 2025, no confirmed recovery of the stolen funds has been publicly announced, and the CrediX team remains unresponsive.

This incident serves as a reminder of the risks associated with high-yield DeFi investments. In 2022, former Securities and Exchange Commission Chair Gary Gensler warned there may be "a lot of risk" behind yields that sound "too good to be true." Last month, CrediX announced that users could earn an annual interest rate of over 10,000% by lending assets on the platform.

The incident occurred on a layer-1 network named Sonic, and Peckshield reports that the attacker gained access to an administrative account on CrediX, allowing it to mint unbacked stablecoins. Six days ago, the attacker was given special privileges on CrediX, according to blockchain security firm SlowMist.

As Crypto enthusiasts and investors, it is crucial to stay vigilant and exercise caution when investing in DeFi protocols. The CrediX incident underscores the importance of conducting thorough research, understanding the risks involved, and staying updated on the latest security measures and best practices in the crypto space.

1. The attack on the decentralized finance protocol CrediX resulted in the loss of approximately $4.5 million worth of cryptocurrency, as reported by CertiK and DeFiLlama.
2. The attack was executed through a compromised multisig admin wallet, allowing the attacker to mint unbacked acUSDC tokens and drain the protocol's liquidity pool.
3. Using the compromised BRIDGE role, the attacker minted unlimited fake tokens that were used as collateral to borrow real assets from the liquidity pool.
4. The stolen funds were then bridged from the Sonic Network to Ethereum, making it harder to trace them.
5. Suspicions of an exit scam or rug pull arose when CrediX's team failed to reimburse the stolen funds and vanished, deleting official social media accounts and ceasing all communication.
6. Industry stakeholders, like Sonic Labs and Stability DAO, are pursuing legal actions and cooperating with authorities to trace and recover the stolen assets.
7. The incident emphasizes the risks associated with high-yield DeFi investments, a warning issued by former Securities and Exchange Commission Chair Gary Gensler in 2022.
8. CrediX, which operates on a layer-1 network named Sonic, allowed the attacker to gain access to an administrative account and mint unbacked stablecoins.
9. As cryptocurrency enthusiasts and investors, it's essential to stay vigilant and exercise caution when investing in DeFi protocols, and to conduct thorough research, understand the risks involved, and stay updated on the latest security measures and best practices.
10. This incident also highlights the importance of cybersecurity in the crypto market, a vital aspect often overlooked by investors.

Read also: