Decentralized finance protocol CrediX has suffered a major security breach, resulting in an estimated $4.5 million loss.
The attack stemmed from the compromise of an admin account, identified as 0xF321…EC662e, which had access to critical roles within the protocol, including POOL_ADMIN, BRIDGE, ASSET_LISTING_ADMIN, EMERGENCY_ADMIN, and RISK_ADMIN.
The attacker exploited the BRIDGE role to drain and borrow pool assets, and notably minted unbacked acUSDC tokens linked to the CrediX Market on the Sonic network.
The misuse of administrative privileges reveals a major lapse in protocol access control, a recurring vulnerability across many DeFi platforms.
Cyvers Detects Exploit Linked to Tornado Cash Funding
Crypto security firm Cyvers Alerts was among the first to detect a series of suspicious on-chain transactions indicating an exploit.
Investigators traced the funds back to an Ethereum address that received assets via Tornado Cash, a privacy-focused crypto mixer often used to launder illicit funds.
After receiving ETH through Tornado Cash, the attacker bridged those assets to the Sonic network, interacted with CrediX, and borrowed approximately $2.64 million in assets.
The funds were bridged back to Ethereum, while the corresponding address for the funds did not exert any further on-chain activity.
The transaction pattern, involving the cross-chain movement and obfuscating of funds, appear to correspond indeed with the tactics commonly exploited in the DeFi ecosystem.
CrediX Admits Breach, Announces Complete Investigation
The breach was publicly announced by CrediX via its X account, acknowledging that it had suffered a security incident and was starting an internal investigation.
While the exact avenue of the exploit and the total financial impact are yet to be determined, the protocol’s earliest communication and transparency seem to be a very quick and serious response.
CrediX confirmed that they are in close cooperation with on-chain forensic specialists to realize how the leak occurred and identify vulnerabilities in the protocol.
Members of the community were urged to stay alert and wait for proper notifications as mitigation procedures were being conducted.
Also Read: Iran’s Senior IRGC Investigators Accused of Embezzling Over $21 Million in Crypto Assets
Sonic Network Security Under Scrutiny
This event has put the weaknesses that are associated with cross-chain DeFi platforms as well as lending protocols for liquidity under the spotlight.
Sonic network, picking up momentum as a younger Layer 1 solution, is now under widespread examination for its security protocol and vigilance in terms of listing third-party protocols like CrediX.
The exploit also set fire to industry discussion regarding the threat posed by funds that have originated from Tornado Cash, which is still an attack favorite in spite of international regulatory action.
In the future, the way both Sonic and CrediX handle the aftermath will be critical to restoring trust on the part of developers, investors, and DeFi players as a whole.
Bigger Threat Landscape: Growing Warnings across the DeFi Space
The CrediX hack comes amid a series of advisories from crypto security researchers reporting a bigger DeFi-based threat upsurge.
Scam Sniffer reported the threat of a phishing Aave website mimicking the original platform, topping Google search through misleading ads that tricked users into providing wallet access permissions.
Earlier on May 23rd, however, Moonlock was reported to have started witnessing an increase in phishing attempts for seed phrase and wallet theft through an identical Ledger Live app.
In parallel in June, SlowMist detected a severe vulnerability in Meta Pool’s deposit function, potentially allowing unregulated token inflation.
This speaks to the creative potential of cyber criminals and underlines the great importance of extra security measures and awareness from users in the Decentralized Finance world.