Daily newsHot NewsHot TopicReleases

CrediX Finance vanishes after $4.5M exploit

BlockScout

Key takeaways

  • A $4.5M exploit hit CrediX on August 4 after attackers abused admin and bridge wallet permissions to drain liquidity pools.
  • CrediX took its site offline and later went silent across X and Telegram, prompting exit scam concerns.
  • The team had publicly claimed the exploiter agreed to return funds within 24–48 hours, then removed posts and disappeared.
  • Stability DAO says it has KYC data for two CrediX members and is preparing a legal report with other affected teams.
  • Trevee reports indirect exposure through Stability’s metaUSD and says it reduced risk and paused minting.

CrediX Finance, a decentralized finance (DeFi) protocol, has effectively vanished following a $4.5 million exploit that drained liquidity from its pools. The incident occurred on August 4, when blockchain security analysts detected suspicious activity involving the protocol’s multisig admin and bridge wallets. According to their findings, attackers were able to use these elevated permissions to mint unbacked crypto assets, then deploy those assets as collateral to withdraw large sums from CrediX’s liquidity pools. The stolen funds were later bridged to other networks, making recovery efforts more complex.

CrediX Finance vanishes after $4.4M exploit, social channels inactive since August 4. Source: CertiK

Shortly after the exploit was identified, CrediX shut down its website to prevent further deposits. On its official X account, the team initially reassured users that it was working on a resolution. They claimed to have reached an agreement with the exploiter, who had allegedly promised to return the stolen funds within 24–48 hours in exchange for compensation from the protocol’s treasury. As part of the arrangement, CrediX pledged to reimburse all affected users through an airdrop funded by its own reserves.

However, those reassurances quickly unraveled. Within days, the original statements disappeared from CrediX’s social channels. By the end of the week, the project’s X account went dark, its Telegram group was deleted, and no further public communications were issued. The abrupt silence has fueled suspicions among the DeFi community that the incident may have been an exit scam rather than an isolated hack.

Stability DAO moves to recover funds and identify CrediX members

In the wake of the incident, Stability DAO announced that it has begun formal legal preparations to pursue the case. The DAO stated that it is working with several other projects impacted by the CrediX exploit, including Sonic Labs, Euler, Beets, and Trevee (formerly Rings Protocol). These collaborations aim to pool resources, gather evidence, and coordinate with law enforcement and cybercrime units in an effort to trace and recover the stolen assets.

CrediX took its website offline and deleted social media activity, raising fears the team has disappeared. Source: Coinpedia

Stability DAO also revealed that it possesses KYC information for two CrediX Finance team members. This information, they said, will be included in the legal report to the authorities. The DAO promised to release a detailed incident report to the community, outlining the technical details of the attack and the recovery steps being taken.

The ripple effects of the hack have extended beyond CrediX’s direct users. Trevee reported that it was indirectly affected through a $1.6 million loan to Stability’s metaUSD. This exposure became fully linked to CrediX after a bank run drained metaUSD liquidity. Trevee has since reduced its exposure to approximately $700,000, paused the minting of its stock USD asset, and adjusted its backing price to mitigate further risk.

What happens next

The immediate priority for Stability DAO and other affected projects is to follow the digital trail of the stolen funds and secure any assets that can be frozen. While blockchain forensics can sometimes identify wallet addresses linked to stolen funds, actual recovery often depends on cooperation from exchanges and law enforcement agencies.

For the DeFi sector, the CrediX case is a reminder of the critical importance of multisig and bridge wallet security. The incident highlights how vulnerabilities in administrative access controls can lead to catastrophic losses, even without a direct exploit of smart contract code. Whether CrediX will reappear to fulfill its promised reimbursements remains uncertain, but for now, its disappearance stands as another cautionary tale in the volatile world of decentralized finance.

You May Also Like

Argentina's President Javier Milei has officially disbanded the government task force investigating the Libra cryptocurrency scandal through Decree 780/2024, citing alignment with his pro-crypto stance and libertarian principles.

Argentina President Javier Milei Shuts Down Libra Crypto Scandal Investigation Task Force

Meta Maven

Singapore Blocks Polymarket, Joining Taiwan and France

Meta Maven

Avalanche Leads Blockchain Transaction Growth Amid US Government Implementation

Byte by byte
You have not selected any currencies to display