The blockchain-based DeFi lending platform CrediX, built on Sonic, has suffered an attack, losing approximately $4.5 million in cryptocurrency. The project team has suspended the website’s operations.
Credix seems to have had a security breach. We are investigating and will share details soon
— CrediX (@CrediX_fi) August 4, 2025
The breach occurred on August 4 at approximately 12:30 UTC+3.
“The website has been disabled to prevent users from making deposits. Please use contracts to withdraw funds,” CrediX warned.
Representatives of the protocol have promised to reimburse affected users within 24-48 hours.
Analysts at PeckShield stated that the hack was caused by the compromise of an administrator account.
Today’s @CrediX_fi hack is due to compromised admin account 0xF321683831Be16eeD74dfA58b02a37483cEC662e, which has a number of roles, including POOL_ADMIN, BRIDGE, ASSET_LISTING_ADMIN, EMERGENCY_ADMIN, and RISK_ADMIN.
And the BRIDGE role is abused to drain/borrow pool assets… https://t.co/JGuLmh8zWu pic.twitter.com/0jmAuvtcJv
— PeckShield Inc. (@peckshield) August 4, 2025
The account had access to several functions, including POOL_ADMIN, ASSET_LISTING_ADMIN, EMERGENCY_ADMIN, RISK_ADMIN, and BRIDGE. The latter allowed the introduction or borrowing of assets, enabling the perpetrator to issue unsecured acUSDC tokens.
SlowMist added that six days ago, the attacker’s address was added to the CrediX multisig wallet with admin and bridge rights via ACLManager.
🚨SlowMist TI Alert🚨
MistEye detected that @CrediX_fi has been exploited.
The CrediX Multisig Wallet, 6 days ago, added an attacker as both Admin and Bridge via ACLManager.https://t.co/E6tbBEI76M
This enabled the attacker, acting in the Bridge role, to directly mint… https://t.co/GiXswzNZqS pic.twitter.com/jJjYR1eyET
— SlowMist (@SlowMist_Team) August 4, 2025
“This allowed the perpetrator, acting in the bridge role, to directly mint collateral tokens for themselves. Consequently, the hacker borrowed a large volume of assets, depleting the pool,” experts explained.
According to CertiK, following the attack, the cryptocurrency was moved from the Sonic network to Ethereum. As of the time of writing, the stolen coins are located at three addresses.
Earlier, researchers at Global Ledger identified the speed of fund withdrawal following hacks as a major issue in the crypto industry. Analysts noted that in the first half of the year, hackers stole over $3.01 billion in 119 incidents.