
Explained: The CrediX Hack (August 2025)


POSTED BY: Rob Behnke

08.04.2025

In August 2025, CrediX, a decentralized exchange (DEX) hosted on Sonic, was the victim of a hack about a month after its launch. The attacker took advantage of poor access controls to drain an estimated $4.5 million from the protocol.

Inside the Attack

The CrediX hack began six days before the actual exploit when an account controlled by the attacker was assigned a broad set of permissions, including ASSET_LISTING_ADMIN, BRIDGE, EMERGENCY_ADMIN, POOL_ADMIN, and RISK_ADMIN via ACLManager. Of these, the BRIDGE role was critical to the attack.

The CrediX hacker used the privileges granted to their malicious account to mint unbacked acUSDC tokens within the protocol’s Sonic USDC market. Additionally, the attacker drained deposited assets from the protocol’s pools. In total, an estimated $4.5 million was stolen from the protocol and later bridged to Ethereum from Sonic, where it was divided across three different wallets. Tornado Cash also played a role, providing the initial funding for the attack and laundering part of the proceeds.

In the wake of the incident, CrediX reported it on X and took its website offline to prevent additional users from depositing assets into the protocol before the team could complete its investigation and mitigate the harm caused by the compromised admin account. Users were also advised to make any withdrawals via smart contracts instead. In response to concerns, the CrediX team stated that all user funds would be returned within 24-48 hours of the incident.

Lessons Learned from the Attack

The CrediX hack began when the CrediX multisig wallet assigned wide-reaching permissions to an account owned by the attacker. This provided the attacker with all of the access and privileges needed to mint tokens and drain value from the protocol.

This type of access control issue underscores the importance of proper privilege management and decentralized governance within DeFi protocols. The attacker identified and exploited a vulnerability in the protocol’s privilege management system that allowed them to be assigned an excessive level of permissions that were critical to the attack.

This incident underscores the importance of secure protocol design when implementing DeFi protocols. Strict access controls and separation of privilege are essential to prevent unauthorized users from abusing privileged functions or unilaterally taking dangerous actions.
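The role grants described above were on-chain six days before funds moved, so they are a natural point for monitoring. The following Python is an added example, not code from CrediX or Halborn: it replays already-decoded role grant and revoke events and raises a finding when an account receives BRIDGE without being on an approved list, or accumulates more sensitive roles than policy allows. The event record shape, the approved list, the two-role limit and the sample addresses and block numbers are assumptions constructed for illustration.

```python
from collections import defaultdict

# Role names are the ones listed in the post; the policy values are assumptions.
SENSITIVE_ROLES = {"ASSET_LISTING_ADMIN", "BRIDGE", "EMERGENCY_ADMIN",
                   "POOL_ADMIN", "RISK_ADMIN"}
MINT_CAPABLE = {"BRIDGE"}      # the post calls this role critical to the attack
MAX_SENSITIVE_ROLES = 2        # assumed separation-of-privilege limit


def audit_role_events(events, approved_bridges):
    """Replay decoded grant/revoke events in block order.

    Returns (holdings, findings): current roles per account, and a list of
    (block, account, reason) tuples raised at the moment a grant breaks policy.
    """
    approved = {a.lower() for a in approved_bridges}
    holdings = defaultdict(set)
    findings = []
    for ev in sorted(events, key=lambda e: e["block"]):
        account, role = ev["account"].lower(), ev["role"]
        if ev["type"] == "revoke":
            holdings[account].discard(role)
            continue
        holdings[account].add(role)
        if role in MINT_CAPABLE and account not in approved:
            findings.append((ev["block"], account, f"unapproved holder of {role}"))
        held = holdings[account] & SENSITIVE_ROLES
        if len(held) > MAX_SENSITIVE_ROLES:
            findings.append((ev["block"], account,
                             f"holds {len(held)} sensitive roles"))
    return dict(holdings), findings


# Constructed sample data: addresses and block numbers are made up.
BRIDGE_OK, OPS, NEW = "0xB1", "0x0A", "0xFE"
SAMPLE_EVENTS = (
    [{"block": 90, "type": "grant", "account": BRIDGE_OK, "role": "BRIDGE"},
     {"block": 95, "type": "grant", "account": OPS, "role": "RISK_ADMIN"},
     {"block": 96, "type": "grant", "account": OPS, "role": "POOL_ADMIN"},
     {"block": 97, "type": "revoke", "account": OPS, "role": "POOL_ADMIN"}]
    + [{"block": 100, "type": "grant", "account": NEW, "role": r}
       for r in sorted(SENSITIVE_ROLES)]
)

if __name__ == "__main__":
    _, alerts = audit_role_events(SAMPLE_EVENTS, approved_bridges={BRIDGE_OK})
    for block, account, reason in alerts:
        print(block, account, reason)
```

On the constructed data, the approved bridge and the operations account raise nothing, while the account that receives all five roles in one block is flagged on the BRIDGE grant and again on each grant past the limit.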

Halborn offers security consulting services designed to help DeFi protocols implement protocols that align with security best practices and protect against this type of threat. To learn how to enhance your protocol’s security with Halborn, get in touch.
