Attack Details
On August 4 at 09:10 UTC, CrediX Finance, a decentralized lending protocol built on the Sonic blockchain, detected a security breach resulting in the loss of $4.5 million in user funds. The protocol’s front end was immediately taken offline to halt further deposits and protect remaining assets.
Funds Movement
Blockchain security firm CertiK traced the stolen tokens as they were bridged from Sonic to Ethereum and distributed across three separate wallets. Analysis indicates that attackers exploited a multisignature wallet vulnerability, aligning with a broader trend of such breaches accounting for more than $3.1 billion in losses during H1 2025.
Platform Response
In a statement on social media, CrediX Finance’s governance team pledged full compensation of user losses within 24–48 hours. The team is collaborating with leading audit and recovery specialists to reverse unauthorized transfers and fortify contract security. The protocol’s website and smart contracts remain under review.
Industry Context
Multi-sig wallet exploits have emerged as the primary DeFi risk vector in 2025, prompting many protocols to adopt enhanced on-chain monitoring and automated pause mechanisms. CrediX’s swift outage and recovery plan reflect a maturing response framework within decentralized finance.
Next Steps
CrediX will deploy patched contracts and reenable services only after comprehensive security audits. A post-mortem report is scheduled for release later this week, outlining root cause analysis and recommended best practices for collateral and liquidity management in DeFi.
Reporting by Oliver Knight; Editing by Sheldon Reback.
Comments (0)