According to BlockBeats news on August 4, the administrator account address of the DeFi platform Credix was attacked, which holds multiple key permissions, including:
· POOL_ADMIN (Liquidity Pool Administrator) · BRIDGE (Cross-chain Bridge Permission) · ASSET_LISTING_ADMIN (Asset Listing Administrator) · EMERGENCY_ADMIN (Emergency Administrator) · RISK_ADMIN (Risk Control Administrator)
The attacker exploited the BRIDGE permissions to steal or borrow assets from the liquidity pool, with an estimated loss of approximately $4.5 million. This also includes the minting of fake (without real asset backing) acUSDC tokens (Credix Market Sonic USDC).