{"id":25808,"date":"2025-08-04T16:41:52","date_gmt":"2025-08-04T13:41:52","guid":{"rendered":"https:\/\/forklog.com\/en\/credix-protocol-halts-operations-following-4-5-million-hack\/"},"modified":"2025-08-04T16:41:52","modified_gmt":"2025-08-04T13:41:52","slug":"credix-protocol-halts-operations-following-4-5-million-hack","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/credix-protocol-halts-operations-following-4-5-million-hack\/","title":{"rendered":"CrediX Protocol Halts Operations Following $4.5 Million Hack"},"content":{"rendered":"<p>The blockchain-based DeFi lending platform CrediX, built on <a href=\"https:\/\/forklog.com\/en\/news\/a-phantom-reborn-sonic-a-revamped-network-from-the-father-of-defi\">Sonic<\/a>, has suffered an attack, losing approximately $4.5 million in cryptocurrency. The project team has suspended the website&#8217;s operations.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Credix seems to have had a security breach. We are investigating and will share details soon<\/p>\n<p>\u2014 CrediX (@CrediX_fi) <a href=\"https:\/\/twitter.com\/CrediX_fi\/status\/1952296077308428311?ref_src=twsrc%5Etfw\">August 4, 2025<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>The breach occurred on August 4 at approximately 12:30 UTC+3.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cThe website has been disabled to prevent users from making deposits. Please use contracts to withdraw funds,\u201d CrediX warned.<\/p>\n<\/blockquote>\n<p>Representatives of the protocol have promised to reimburse affected users within 24-48 hours.<\/p>\n<p>Analysts at PeckShield stated that the hack was caused by the compromise of an administrator account.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Today&#8217;s <a href=\"https:\/\/twitter.com\/CrediX_fi?ref_src=twsrc%5Etfw\">@CrediX_fi<\/a> hack is due to compromised admin account 0xF321683831Be16eeD74dfA58b02a37483cEC662e, which has a number of roles, including POOL_ADMIN, BRIDGE, ASSET_LISTING_ADMIN, EMERGENCY_ADMIN, and RISK_ADMIN. <\/p>\n<p>And the BRIDGE role is abused to drain\/borrow pool assets\u2026 <a href=\"https:\/\/t.co\/JGuLmh8zWu\">https:\/\/t.co\/JGuLmh8zWu<\/a> <a href=\"https:\/\/t.co\/0jmAuvtcJv\">pic.twitter.com\/0jmAuvtcJv<\/a><\/p>\n<p>\u2014 PeckShield Inc. (@peckshield) <a href=\"https:\/\/twitter.com\/peckshield\/status\/1952317721271488693?ref_src=twsrc%5Etfw\">August 4, 2025<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>The account had access to several functions, including POOL_ADMIN, ASSET_LISTING_ADMIN, EMERGENCY_ADMIN, RISK_ADMIN, and BRIDGE. The latter allowed the introduction or borrowing of assets, enabling the perpetrator to issue unsecured acUSDC tokens.<\/p>\n<p>SlowMist added that six days ago, the attacker&#8217;s address was added to the CrediX multisig wallet with admin and bridge rights via ACLManager.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">\ud83d\udea8SlowMist TI Alert\ud83d\udea8<\/p>\n<p>MistEye detected that <a href=\"https:\/\/twitter.com\/CrediX_fi?ref_src=twsrc%5Etfw\">@CrediX_fi<\/a> has been exploited.<\/p>\n<p>The CrediX Multisig Wallet, 6 days ago, added an attacker as both Admin and Bridge via ACLManager.<a href=\"https:\/\/t.co\/E6tbBEI76M\">https:\/\/t.co\/E6tbBEI76M<\/a><\/p>\n<p>This enabled the attacker, acting in the Bridge role, to directly mint\u2026 <a href=\"https:\/\/t.co\/GiXswzNZqS\">https:\/\/t.co\/GiXswzNZqS<\/a> <a href=\"https:\/\/t.co\/jJjYR1eyET\">pic.twitter.com\/jJjYR1eyET<\/a><\/p>\n<p>\u2014 SlowMist (@SlowMist_Team) <a href=\"https:\/\/twitter.com\/SlowMist_Team\/status\/1952312873822396712?ref_src=twsrc%5Etfw\">August 4, 2025<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cThis allowed the perpetrator, acting in the bridge role, to directly mint collateral tokens for themselves. Consequently, the hacker borrowed a large volume of assets, depleting the pool,\u201d experts explained.<\/p>\n<\/blockquote>\n<p>According to <a href=\"https:\/\/x.com\/CertiKAlert\/status\/1952325010649174176\">CertiK<\/a>, following the attack, the cryptocurrency was moved from the Sonic network to Ethereum. As of the time of writing, the stolen coins are located at three addresses.<\/p>\n<p>Earlier, researchers at Global Ledger <a href=\"https:\/\/forklog.com\/en\/news\/cybercriminals-accelerate-laundering-of-cryptoassets\">identified<\/a> the speed of fund withdrawal following hacks as a major issue in the crypto industry. Analysts noted that in the first half of the year, hackers stole over $3.01 billion in 119 incidents.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The blockchain-based DeFi lending platform CrediX, built on Sonic, has suffered an attack, losing approximately $4.5 million in cryptocurrency. The project team has suspended the website&#8217;s operations. Credix seems to have had a security breach. We are investigating and will share details soon \u2014 CrediX (@CrediX_fi) August 4, 2025 The breach occurred on August 4 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":25807,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"","news_style_id":"","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[44,1424],"class_list":["post-25808","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-cybercrime","tag-protocols"],"aioseo_notices":[],"amp_enabled":true,"views":"57","promo_type":"","layout_type":"","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/25808","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=25808"}],"version-history":[{"count":0,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/25808\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/25807"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=25808"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=25808"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=25808"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}