04.08.2025 12:51

A significant security breach targeted CrediX, a smaller lending application operating on the Sonic blockchain. The attack, involving a $2.64 million flash loan originating from a wallet funded by Tornado Cash, resulted in approximately $200,000 in liquidity being drained from CrediX.

Swiftly following the illicit activity, Cyvers Alerts flagged the suspicious transactions, observing the attacker's use of Tornado Cash to fund the exploit and subsequently bridging the stolen funds to the Ethereum network. This transfer to Ethereum, a common tactic employed in similar attacks, likely aimed to enhance the anonymity and liquidity of the stolen assets, drawing parallels to methods utilized by North Korean state-sponsored hackers.

In response to the unauthorized withdrawals, CrediX immediately took action. The platform temporarily suspended user deposits to prevent further exploitation, and access to the CrediX website was restricted. While users were instructed to utilize smart contracts for withdrawals, the company has yet to publicly explain the precise vulnerability exploited by the attacker.

Further investigation revealed a more sophisticated attack than initially suspected. Instead of exploiting a publicly accessible flash loan function, the attacker gained unauthorized access to administrative controls within a multi-signature wallet, granting them control over the bridging functionality. This level of access enabled the creation of an unusually large loan, far exceeding the available liquidity pool, ultimately resulting in the minting of approximately $4.5 million in unauthorized bridged USDC tokens before the theft. The Sonic blockchain itself remains unaffected by this incident.