CrediX Loses $4.5 Million in DeFi Hack via Unbacked Stablecoins

Generated by AI Agent Coin World
Monday, Aug 4, 2025 11:37 am ET | 1 min read

Aime Summary

- DeFi platform CrediX lost $4.5M via unbacked stablecoin manipulation on July 26, 2025, exploiting an admin account with escalated permissions.

- Attackers transferred funds from Sonic (formerly Fantom) to Ethereum, prompting CrediX to shut down its site and promise two-day recovery.

- The incident highlights risks of permissioned DeFi protocols, with CrediX previously offering unsustainable 10,000% yields linked to 2021 crypto collapses.

- Sonic's $437M DeFi assets at time of breach underscore systemic vulnerabilities in algorithmic stablecoin-based platforms requiring stronger security audits.

A decentralized finance (DeFi) platform, CrediX, was exploited for approximately $4.5 million worth of cryptocurrency on July 26, 2025, through a sophisticated attack involving unbacked stablecoins [1]. The breach was reported by blockchain security firm CertiK, which noted that the funds were initially bridged from the Sonic layer-1 network to Ethereum [1]. Despite the theft, CrediX assured users on X that all funds would be recovered within two days, and its website was taken offline as a precautionary measure [1]. As of the morning of July 27, the site remained inaccessible, and users were reportedly seeking guidance on withdrawing their assets via the platform’s Telegram channel [1].

The attack involved the manipulation of an administrative account that allowed the perpetrator to mint unbacked stablecoins on CrediX, which were then used to withdraw other collateral assets from user accounts [1]. According to Peckshield, the attacker was granted special privileges on the platform just six days prior to the breach [1]. This timeline suggests a potential failure in access controls or a deliberate escalation of permissions, both of which highlight vulnerabilities in permissioned DeFi protocols.

CrediX positions itself as an aggregator and optimizer for multiple DeFi protocols, enabling users to interact with platforms like Compound and Aave in a single interface [1]. The platform had previously attracted attention for offering extraordinarily high yields—over 10,000% annual interest rate—on user deposits, a claim that aligns with broader concerns raised by former SEC Chair Gary Gensler in 2022 regarding the risks of unsustainable returns [1]. The collapse of similar platforms like Voyager and

during the 2021 crypto boom underscores the volatility and fragility of systems that promise unrealistic returns.

Sonic, the layer-1 network through which the stolen funds were transferred, rebranded from Fantom earlier in the year and launched its mainnet in December 2024 [1]. At the time of the breach, around $437 million in assets were in use on DeFi protocols across the network, according to DeFiLlama [1]. CrediX also had plans to introduce an airdrop for its upcoming CREDIT token, though no timeline had been announced [1].

This incident highlights the ongoing challenges in securing DeFi platforms, particularly those that rely on unbacked or algorithmically stabilized assets. While CrediX’s commitment to recovery and transparency may help restore user trust, the broader DeFi community must continue to prioritize rigorous security audits, real-time monitoring, and clear communication during crises to mitigate reputational and financial risks [1].
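The real-time monitoring mentioned above can be illustrated with a small detection routine for the pattern reported in this case: a privileged role granted shortly before a mint that is not covered by deposited collateral. This is an added example, not code from the article, CrediX, or any security firm; the event schema, account names, amounts, and 14-day window are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Hypothetical, simplified event schema (not CrediX's contracts or real logs).
@dataclass
class Event:
    time: datetime
    kind: str            # "role_granted", "collateral_deposit" or "mint"
    account: str
    amount: float = 0.0  # USD value; unused for role grants

def flag_suspicious_mints(events, grant_window=timedelta(days=14)):
    """Return (account, amount, reasons) for each mint that exceeds total
    deposited collateral and/or comes from a recently privileged account."""
    granted_at = {}            # account -> time its privileged role was granted
    collateral = minted = 0.0  # running totals across the protocol
    alerts = []
    for ev in sorted(events, key=lambda e: e.time):
        if ev.kind == "role_granted":
            granted_at[ev.account] = ev.time
        elif ev.kind == "collateral_deposit":
            collateral += ev.amount
        elif ev.kind == "mint":
            reasons = []
            if minted + ev.amount > collateral:
                reasons.append("unbacked")
            grant = granted_at.get(ev.account)
            if grant is not None and ev.time - grant <= grant_window:
                reasons.append("recent_role_grant")
            minted += ev.amount
            if reasons:
                alerts.append((ev.account, ev.amount, reasons))
    return alerts

# Constructed sample data; only the six-day gap before July 26 follows the article.
SAMPLE_EVENTS = [
    Event(datetime(2025, 7, 1), "collateral_deposit", "user_a", 1_000.0),
    Event(datetime(2025, 7, 2), "mint", "user_a", 500.0),
    Event(datetime(2025, 7, 20), "role_granted", "acct_new_admin"),
    Event(datetime(2025, 7, 26), "mint", "acct_new_admin", 2_000_000.0),
]

if __name__ == "__main__":
    for account, amount, reasons in flag_suspicious_mints(SAMPLE_EVENTS):
        print(f"ALERT {account} minted {amount:,.0f}: {', '.join(reasons)}")
```
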

Source:

[1] Attacker Swipes $4.5 Million From Credix Using Unbacked Stablecoins (https://decrypt.co/333389/attacker-swipes-4-5-million-credix-unbacked-stablecoins)
