Digital lending platform CrediX vanishes following a $4.5 million exploit, sparking suspicions of an exit scam.
In a troubling turn of events for the decentralised finance (DeFi) sector, CrediX, a lending protocol on the Sonic blockchain, has suffered an exploit that resulted in a loss of $4.5 million. The incident, which occurred on August 4, 2025, saw attackers gain administrative control of a multisignature wallet and mint unbacked tokens to drain the liquidity pool.
The breach has left the official communication channels, including the platform’s X (formerly Twitter) account, deactivated, with the team behind the project effectively disappearing. This has raised strong suspicions of an exit scam, with no official updates from the CrediX team regarding remediation, audits, or a recovery roadmap as of mid-August 2025.
The attack was executed by an attacker who was added as Admin and Bridge controller to CrediX’s multisig wallet six days before the exploit. This allowed the minting of fake collateral tokens (acUSDC) and borrowing real assets, effectively creating funds out of thin air and draining the protocol. Blockchain security firms PeckShield, SlowMist, and CertiK have confirmed the compromised roles and noted that the stolen funds were moved from Sonic to Ethereum but have not yet been cashed out.
Following the theft, CrediX disabled its website and the deactivation of its X account suggested an attempt to avoid misinformation or further scrutiny. Initially, the team promised refunds and negotiations with the exploiter, but soon they vanished without delivering recovery, intensifying concerns among the community about an exit scam.
The deactivation of the project's online presence, including the loss of its X account and closure of community channels, has fueled speculation that CrediX might be using the hack as a smokescreen to withdraw balance funds. The surge in the token's value despite the incident's circumstances is a notable occurrence, but the team's silence since the announcement has raised community suspicion that CrediX might be an exit scam.
The lack of transparency and action from CrediX serves as a harsh reminder of the trust deficit in the DeFi sector. Industry experts emphasise the critical need for transparency, third-party audits, and better access controls in DeFi projects to prevent similar systemic vulnerabilities. It is uncertain whether law enforcement or forensics of all blockchain companies will become involved in the CrediX incident, but the situation highlights the importance of transparency and effective communication in the DeFi industry, especially in times of crisis.
In summary, the investigation status reveals that security firms have analysed the breach mechanics, but the project team has gone silent after promising recovery, leading to widespread speculation of an exit scam and no clear update on fund recovery or forensic audit results as of mid-August 2025. The CrediX incident is another warning in the turbulence of DeFi history, emphasising the need for transparency and effective communication in the DeFi sector.
- The CrediX team's disappearance after the exploit, coupled with the deactivation of their official communication channels, has led to strong suspicions of an exit scam within the decentralized finance (DeFi) community.
- The attacker gained administrative control of CrediX's multisignature wallet and minted unbacked tokens, draining the liquidity pool and creating funds out of thin air using smart contracts on the Sonic blockchain.
- The stolen funds were moved from Sonic to Ethereum, but no cash-out has been reported as of mid-August 2025, according to blockchain security firms PeckShield, SlowMist, and CertiK.
- The lack of action from CrediX, such as remediation, audits, or a recovery roadmap, alongside the surge in the token's value despite the theft, intensifies community concerns and underscores the importance of transparency and effective communication in the DeFi sector.
