The official CrediX account on blogging platform X has disappeared after the platform suffered a $4.5 million hack. The disappearance has prompted many to speculate that the said hack was a rug pull. The lending protocol on Sonic chain suffered an attack with unlimited token minting, with up to $4.5M unauthorized assets created.
The CrediX recent hack for a total of $4.5M is suspected to be an inside job and a form of rug pull. The relatively minor project on the Sonic chain was exploited on August 4, as on-chain researchers noted a $2.64M flash loan and a total of $4.5M in unauthorized wrapped USDC.
According to a Cryptopolitan report, the initial theory for the hack was a flaw in its smart contract or another form of access to the minting function. The disappearance of the team suggested the private keys were not leaked or taken from a code repository, but may have been controlled by the team all along. The team may have disappeared as a way to avoid tackling a complex DeFi situation with contagion to other protocols. However, some of the bridged funds on Ethereum were already moved through TornadoCash, with the remaining funds still being watched for transfers.
CrediX team disappears after promising compensation
After the hack, the CrediX team said it would reimburse all lost funds. However, while traders were waiting for their update, the team disappeared. Before disappearing, the team claimed they would carry out repayment of all claims through smart contracts to compensate for the funds stolen. Based on the unauthorized minted wrapped tokens, the team may still have access to the 4.5M USDC on Ethereum, with no mention of tagging the wallet or freezing. In this case, the value did not disappear, but is held entirely by the exploiters.
The CrediX loss has caused panic, which has spread to other protocols despite indirect exposure. Trevee, formerly Rings Protocol, was affected due to holding some scUSD from CrediX. Trevee staked the scUSD to mint metaUSD. When the CrediX exploit happened, all liquidity providers disappeared, leading to over $1.8M unbacked metaUSD. Rings Protocol covered some of the unbacked tokens, but still suffered a loss by holding 737,427 scUSD.
The fallout of CrediX generated additional bad debt in the Trevee protocol, affecting holders of stkscUSD and veUSD. To prevent further contagion, Trevee stopped minting and redemptions for its stablecoins. Stability DAO vaults were also affected by the draining of liquidity from CrediX stablecoins. Stability’s Metavaults were affected, with an estimated up to 30% to 40% of funds exposed to CrediX.
Stability is currently working with the Sonic team to resolve the situation, which may include the doxing of the CrediX team and raising the case with authorities. Metavaults have now been closed and are expected to reopen next week. Meanwhile, the exploit did not affect Sonic, which still holds around $467 million in total value locked. Beets, Aave, and Silo Finance remain the top lending protocols, with around $400M in total value locked.
Rug pulls have been relatively rare during the 2024-2025 bull cycle, except meme tokens. In the DeFi space, most projects tried to prove reliability and robust reserves, even in the face of hacks. Protocols like Cetus DEX managed to recover some of their funds and relaunch. There are also more robust efforts to track down and lock funds where possible.
The post CrediX team disappears after a $4.5 million exploit first appeared on Coinfea.
