Exit Scam? DeFi Protocol CrediX’s Team Vanishes Following $4.5 Million Exploit
The team behind the DeFi protocol CrediX is suspected of an exit scam following a recent $4.5 million security breach. The team has reportedly “vanished” from the project’s official channels despite promising refunds, le...
Archive context
Older archive item. Useful for background and entity history, but not a fresh market-moving signal.
The team behind the DeFi protocol CrediX is suspected of an exit scam following a recent $4.5 million security breach. The team has reportedly “vanished” from the project’s official channels despite promising refunds, leaving customers empty-handed.
DeFi Protocol Suffers $4.5 Million ExploitOn Friday, security firm CertiK reported that the DeFi lender CrediX’s team had disappeared following the platform’s recent exploit, leaving its website offline since the August 4 incident and suddenly deleting the official X account.
For context, the Sonic-based DeFi lender suffered a security breach on Monday after a potential wallet compromise led to the theft of $4.5 million from the protocol’s liquidity pool.
Blockchain security firm PeckShield explained that the alleged hack was due to a compromised admin account, which allowed the exploiter to abuse its BRIDGE role to mint unbacked acUSDC (Sonic USDC) tokens, borrow against them, and drain the pool, before bridging the assets from Sonic Network to Ethereum.
Notably, SlowMist found that the CrediX multisig wallet added an attacker as an admin and bridge role via ACLManager six days before, which raised concerns among investors.
The DeFi lender’s team acknowledged the incident on X, stating that they had disabled the website to prevent users from depositing. Later, the team informed its community that it had allegedly “reached successful parley with the exploiter, who agreed to return the funds within the next 24-48 hours.”
According to the now-deleted post, posted on CrediX’s official Telegram account by a user, the attacker agreed to return the funds “in return for money fully paid by the credix treasury.”
The team affirmed that they would airdrop the funds to the affected users’ addresses in “the respective timeframe.”
CrediX Goes DarkThe following day, the team addressed the exploit on Telegram, stating, “We are truly sorry for this devastating incident and the impact it may have on our community,” and affirmed that they would keep users updated on the next steps before disappearing and deactivating the official X account.
On Thursday, the Sonic-based Stability DAO confirmed on its Discord server that CrediX had “gone dark and disappeared,” directly affecting the protocol’s users. The exploit affected Stability DAO’s Metavaults as the project had recently integrated with CrediX.
In the message, the protocol announced that all the affected teams, including Sonic Labs, Euler, Beets, and Rines Protocol (Trevee), were in communication and actively working on “filing a formal legal report with the authorities in hopes of recovering lost funds.”
Additionally, they have obtained information on two of the DeFi lender’s members, which would be added to the report alongside the rest of the evidence.
“A full incident report will be shared with the community soon, outlining everything that happened and what steps are being taken,” the message vowed.
This incident follows the alarming trend that has been developing this year. As reported by NewsBTC, crypto theft has surged this year, reaching a total loss of $2.7 billion in the first half of 2025.
By the end of June, more value had been stolen year-to-date (YTD) than during the same period in 2022, suggesting that theft from crypto services and DeFi projects could potentially hit $4.3 billion by year’s end.
Why this matters
This security story adds another data point to the current market tape and is useful when read alongside nearby source coverage.
Original source
Read on NewsBTCRelated market context
New SummerFi DeFi exploit shows AI automation now sits above smart contract risk
Summer.fi's automated vault incident has put delegated DeFi yield back under pressure after Blockaid said on July 6 that its explo...
Ctrl Wallet to shut down after June security exploit, users urged to withdraw assets by August 3
The shutdown highlights the critical need for robust security measures in digital wallets, emphasizing user vigilance against pote...
1kx, Blockchain Capital back $7.5 million KOR Protocol Series A at $100 million valuation
KOR Protocol is building an onchain clearinghouse that helps register and route creative works and pay out rights holders.
Nigel Farage resigns as MP following multiple crypto-linked scandals
Reform UK leader Nigel Farage has announced that he will resign as MP and force a local by-election after The Times revealed that...
SecondFi is shutting down after Cardano wallet exploit
Cardano wallet firm SecondFi says it will not resume “normal operations” and will instead focus solely on “returning assets to aff...
Single address votes 99.9% to drain BONK treasury of $21M
The treasury of Solana-based memecoin project, BONK, has been drained of over $21 million, via a malicious governance proposal. A...