The CrediX account on X has disappeared, with suggestions that the $4.5M recent hack may have been a rug pull. The lending protocol on Sonic chain suffered an attack with unlimited token minting, with up to $4.5M unauthorized assets created.
The CrediX recent hack for a total of $4.5M is suspected to be an inside job and a form of rug pull. The relatively minor project on the Sonic chain was exploited on August 4, as on-chain researchers noted a $2.64M flash loan and a total of $4.5M in unauthorized wrapped USDC.
As Cryptopolitan reported, the initial theory for the hack was a flawed smart contract or another form of access to the minting function. However, the disappearance of the CrediX account on X sparked suggestions of a rug pull. The disappearance of the team suggested the private keys were not leaked or taken from a code repository, but may have been controlled by the team all along.
The team may have disappeared as a way to avoid tackling a complex DeFi situation with contagion to other protocols. However, some of the bridged funds on Ethereum were already moved through TornadoCash, with the remaining funds still being watched for transfers.
CrediX team disappears after promising compensation in 24 hours
Initially, the CrediX team stated it would reimburse all funds lost, but while traders waited, the team disappeared. The team said there would be a repayment of all claims through smart contracts to compensate for the funds stolen from the Sonic-Ethereum bridge.
Rug pulls have been relatively rare during the 2024-2025 bull cycle, with the exception of meme tokens. In the DeFi space, most projects tried to prove reliability and robust reserves, even in the face of hacks. Protocols like Cetus DEX managed to recover some of their funds and relaunch. There are also more robust efforts to track down and lock funds where possible.
Based on the unauthorized minted wrapped tokens, the team may still have access to the 4.5M USDC on Ethereum, with no mention of tagging the wallet or freezing. In this case, the value did not disappear, but is held entirely by the exploiters.
CrediX contagion spreads to other protocols
The CrediX loss caused panic to spread to other protocols, despite indirect exposure. Trevee, formerly Rings Protocol, was affected due to holding some scUSD from CrediX.
Trevee staked the scUSD to mint metaUSD. When the CrediX exploit happened, all liquidity providers disappeared, leading to over $1.8M unbacked metaUSD. Rings Protocol covered some of the unbacked tokens, but still suffered a loss by holding 737,427 scUSD.
The fallout of CrediX essentially generated additional bad debt in the Trevee protocol, affecting stkscUSD and veUSD holders. To prevent further contagion, Trevee stopped minting and redemptions for its stablecoins.
Stability DAO vaults were also affected by the draining of liquidity from CrediX stablecoins. Stability’s Metavaults were affected, with an estimated up to 30% to 40% of funds exposed to CrediX. Stability is working with the Sonic team to resolve the situation, which may include the doxing of the CrediX team and raising the case with authorities. Metavaults are now closed and expected to reopen next week.
The exploit did not affect Sonic, which still holds around $467 million in total value locked. Beets, Aave, and Silo Finance remain the top lending protocols, with around $400M in total value locked.
KEY Difference Wire helps crypto brands break through and dominate headlines fast