04.08.2025 14:25

Decentralized finance (DeFi) protocol CrediX suffered a significant security breach, resulting in losses estimated at $4.5 million. Initial reports suggest the attack stemmed from a compromised private key, granting unauthorized access to the platform's systems. CrediX itself acknowledged the breach via a tweet, promising a forthcoming detailed investigation and update.

Following the attack, CrediX proactively took its website offline to prevent further deposits, a crucial step to contain the damage. Security firm CertiK confirmed the stolen funds were subsequently transferred from the Sonic network to the Ethereum blockchain. Notably, the attacker's wallet remains in possession of the stolen assets, exhibiting no further activity as of yet.

Adding further context to the attack, Cyvers Alerts, a Web3 security specialist, identified multiple suspicious transactions on the Sonic network directly linked to CrediX. Their analysis revealed a complex attack vector: an Ethereum address, previously funded through the privacy-enhancing tool Tornado Cash, bridged funds to Sonic before exploiting a vulnerability within CrediX to borrow approximately $2.64 million.

A deeper dive into the incident by on-chain security firm SlowMist uncovered a chilling detail: six days prior to the exploit's detection, the attacker was granted both "Admin" and "Bridge" access to the CrediX multisig wallet using the ACLManager. This privileged access allowed the attacker to mint collateral tokens within the CrediX Pool, subsequently using these tokens to borrow and drain a substantial quantity of assets. The incident highlights the critical risks associated with improperly managed access control within DeFi protocols.