In brief
- The DeFi protocol CrediX was compromised.
- An attacker swiped $4.5 million worth of crypto.
- CrediX said all funds would be recovered in two days.
An attacker swiped $4.5 million worth of crypto from decentralized finance protocol CrediX on Monday, according to blockchain security firm CertiK.
The funds, which still appear to be under an attacker’s control, were then bridged from Sonic, a layer-1 network that debuted last year, to Ethereum, CertiK said in a post on X.
CrediX acknowledged on X that a security breach had occurred, and that its website had been taken offline. It then promised that “all funds will be recovered in full” within the two days.
As of 11 a.m. Eastern Time, CrediX’s website was still offline. And within CrediX's official Telegram channel, some users clamored for advice on how to withdraw funds.
The attacker was able to gain access to an administrative account that allowed it to mint unbacked stablecoins on CrediX, according to Peckshield. Using these funds, the attacker was able to withdraw other assets that users had posted to CrediX as collateral, it said on X.
The attacker was given special privileges on CrediX six days ago, according to blockchain security firm SlowMist, which confirmed on X that the protocol had been drained.
CrediX bills itself as an aggregator and optimizer allowing users to engage with multiple DeFi protocols in one location, such as Compound and Aave. On X, CrediX said last month that users can earn an annual interest rate of over 10,000% by lending assets on the platform.
In 2022, the former Securities and Exchange Commission Chair Gary Gensler warned there may be “a lot of risk” behind yields that sounds “too good to be true.” His comments followed the collapses of Voyager Digital and Celsius network at the tail-end of pandemic-era crypto boom.
Sonic’s mainnet debuted in December, not long after the network was rebranded from Fantom. Around $437 million worth of assets are currently used in DeFi protocols, according to crypto data provider DeFiLlama.
CrediX has detailed plans for an airdrop centered on its upcoming CREDIT token, however, it hasn’t been released yet. On Monday, Sonic’s native S token rose 1.6% to $0,30, but the token’s price has decreased 39% over the past month.
Daily Debrief Newsletter
Start every day with the top news stories right now, plus original features, a podcast, videos and more.