Exit Scam? DeFi Protocol CrediX’s Team Vanishes Following $4.5 Million Exploit

The team behind the DeFi protocol CrediX is suspected of an exit scam following a recent $4.5 million security breach. The team has reportedly “vanished” from the project’s official channels despite promising refunds, leaving customers empty-handed.

DeFi Protocol Suffers $4.5 Million Exploit

On Friday, security firm CertiK reported that the DeFi lender CrediX’s team had disappeared following the platform’s recent exploit, leaving its website offline since the August 4 incident and suddenly deleting the official X account.

For context, the Sonic-based DeFi lender suffered a security breach on Monday after a potential wallet compromise led to the theft of $4.5 million from the protocol’s liquidity pool.

Blockchain security firm PeckShield explained that the alleged hack was due to a compromised admin account, which allowed the exploiter to abuse its BRIDGE role to mint unbacked acUSDC (Sonic USDC) tokens, borrow against them, and drain the pool, before bridging the assets from Sonic Network to Ethereum.

Notably, SlowMist found that the CrediX multisig wallet added an attacker as an admin and bridge role via ACLManager six days before, which raised concerns among investors.

The DeFi lender’s team acknowledged the incident on X, stating that they had disabled the website to prevent users from depositing. Later, the team informed its community that it had allegedly “reached successful parley with the exploiter, who agreed to return the funds within the next 24-48 hours.”

According to the now-deleted post, posted on CrediX’s official Telegram account by a user, the attacker agreed to return the funds “in return for money fully paid by the credix treasury.”

The team affirmed that they would airdrop the funds to the affected users’ addresses in “the respective timeframe.”

CrediX Goes Dark

The following day, the team addressed the exploit on Telegram, stating, “We are truly sorry for this devastating incident and the impact it may have on our community,” and affirmed that they would keep users updated on the next steps before disappearing and deactivating the official X account.

On Thursday, the Sonic-based Stability DAO confirmed on its Discord server that CrediX had “gone dark and disappeared,” directly affecting the protocol’s users. The exploit affected Stability DAO’s Metavaults as the project had recently integrated with CrediX.

In the message, the protocol announced that all the affected teams, including Sonic Labs, Euler, Beets, and Rines Protocol (Trevee), were in communication and actively working on “filing a formal legal report with the authorities in hopes of recovering lost funds.”

Additionally, they have obtained information on two of the DeFi lender’s members, which would be added to the report alongside the rest of the evidence.

“A full incident report will be shared with the community soon, outlining everything that happened and what steps are being taken,” the message vowed.

This incident follows the alarming trend that has been developing this year. As reported by NewsBTC, crypto theft has surged this year, reaching a total loss of $2.7 billion in the first half of 2025.

By the end of June, more value had been stolen year-to-date (YTD) than during the same period in 2022, suggesting that theft from crypto services and DeFi projects could potentially hit $4.3 billion by year’s end.