This Week in Crypto Hacks: CrediX Claims To Recover $4.5M After Striking Deal With Attacker

ccn.com | Published 2025-08-03 | Last updated 2025-08-05

Key Takeaways
  • Sonic-based decentralized yield aggregator CrediX was hacked for $4.5 million.
  • The attack took advantage of vulnerabilities in the platform’s access controls.
  • The team behind the platform claims to have negotiated for the hacker to return stolen funds.

On Monday, Aug. 4, Sonic-based loan and yield aggregator CrediX suffered a $4.5 million loss after a hacker accessed crucial admin controls that let them drain funds from the platform.

Following the attack, CrediX announced on X that an agreement for the return of the funds had been reached with the hacker.

CrediX Hack: What Happened?

Barely a month after its launch, CrediX was exploited in an attack that took advantage of vulnerabilities in the platform’s access controls.

According to an analysis by Halborn, six days before the theft occurred, the hacker used their access to grant themself a broad set of permissions.

Using these, they minted unbacked acUSDC tokens, which they swapped for real USDC before bridging it to Ethereum and laundering via Tornado Cash.

In response, CrediX’s administrators took the website down to prevent further deposits and urged users to withdraw funds via smart contracts.

Hacker Agrees To Return Funds

On Tuesday, CrediX announced on X that the exploiter had agreed to return the stolen funds within 48 hours. In return, they will receive money paid from the CrediX treasury, which is segregated from users’ assets.

Affected users will be airdropped their share of the returned funds, the post said. “We apologize for how this turned out and the distress caused to the Sonic community and our users,” it added.

The attacker eventually agreed to return all $4.5 million. The platform called it a “successful parley” in its social media post but did not share the terms of the deal or the identity of the attacker.

An Inside Job?

While little is known about CrediX’s founders, the nature of the recent hack raises the possibility of it being an inside job.

Access control systems for decentralized protocols are typically tightly restricted, and permissions are usually only granted to trusted team members or multisig wallets.

Users on CrediX’s Telegram Channel have speculated that the alleged hack was, in fact, a rug pull.

At the time of writing, assets had not been reimbursed as promised in CrediX’s X post.

Meanwhile, many users reported being unable to withdraw funds via smart contract due to insufficient liquidity in certain pools.
