The DeFi market of 2025 has been shaken by news of another attack amid increasing security vulnerabilities. Just weeks after its launch, Sonic-based decentralized finance (DeFi) protocol CrediX Finance suffered a $4.5 million cyberattack. The project team temporarily took the platform offline to protect users.
Account with critical privileges compromised
On August 4, blockchain security firm PeckShield announced that the CrediX Finance administrator account had been compromised. This account held the platform's most important administrative privileges: Pool Admin, Bridge, Asset Listing Admin, Emergency Admin, and Risk Admin, with a number of high-level permissions granted to it.
Specifically, the attacker used the Bridge privilege to transfer funds from the Sonic chain to Ethereum. During this process, funds were stolen or unauthorized borrowing from asset pools. Additionally, a counterfeit token, acUSDC (Credix Market Sonic USDC), was minted, devoid of any underlying assets. The platform reportedly suffered a total loss of approximately $4.5 million.
Funds transferred to the Ethereum network
Immediately after the cyberattack, blockchain security firm CertiK confirmed that all stolen funds were bridged from Sonic to the Ethereum network and are currently held in three different wallets. The funds remain under attack; although they have been transferred, they have not yet been transferred to another wallet or exchanged.
Following the incident, the CrediX team attempted to reassure investors via X (formerly Twitter), saying, “All user funds will be fully refunded within 24 to 48 hours.” However, this statement was met with mixed reactions among investors, as full recovery of funds is extremely rare in the DeFi sector in such incidents.
Multi-sig vulnerabilities on the rise in 2025
This attack comes as vulnerabilities targeting multi-sig wallets have become a prominent attack method in the first half of 2025. In the first six months of the year alone, approximately $3.1 billion worth of cryptocurrency was stolen from the DeFi sector through such exploits.
The incident with CrediX Finance once again highlighted the sector's immaturity and the fact that security remains a serious threat. Especially for newly launched protocols, their pursuit of rapid growth and user acquisition, often leads to dramatic outcomes when they neglect security testing.
While CrediX's promise of a refund has somewhat rekindled investor hopes, the process and whether the funds will actually be recovered remain uncertain. Currently, the only known information is that the funds are still held in the attacker's Ethereum wallets and have not yet been moved.
